Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

html in textbox gives "A potentially dangerous Request.Form value"

Status
Not open for further replies.

glyn6

Programmer
Nov 2, 2009
561
GB
I've got a textbox that a user can enter html into. I want to save the contents of the box including any html, but when the user clicks the <asp:button, before any other code is called, the browser error message

A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtGeneral="...R

pops up. Googled the fix for this and I added
ValidateRequest="False"
to the page and
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
to web.config

Now I get a different message
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster

which google says needs me to add
<machineKey validation="SHA1"
validationKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4CB2A1A1B2C3D4 E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1B2C3D4E5"
decryption="Auto"
decryptionKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1" />
to the web.config.

Even with this chunk in the web.config however, the browser still returns the "Validation of viewstate MAC failed." message.

Any ideas on how to fix this or more importantly, is there a way of bypassing this junk. I've got code to check for injection attack that will run before the save is made, I just want the browser to process the click. I know it's in there for security but there seems no way to get html out of a text area to a place it can be processed in whatever way you want.

How does everyone else process html in a text areaa?

Thanks
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top