An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtComment="this ia<BR>a test").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
   System.Web.HttpRequest.get_Form() +113
   System.Web.UI.Page.GetCollectionBasedOnMethod()
   System.Web.UI.Page.DeterminePostBackMode()
   System.Web.UI.Page.ProcessRequestMain()
   System.Web.UI.Page.ProcessRequest()
   System.Web.UI.Page.ProcessRequest(HttpContext context)
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The validateRequest feature should be disabled for pages that contain a CuteEditor control; this enables the user to enter HTML code into the database. This is safe, as the CuteEditor does its own protection to prevent HTML script attacks by correctly encoding all text by default.
Content can be easily HTML-encoded on the server using the Server.HtmlEncode(string) API. Content can also be easily HTML-decoded, that is, reverted back to standard HTML using the Server.HtmlDecode(string) method.
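The encode/decode round trip described above, as an added example that is not part of the original page or CuteSoft's code. It assumes System.Net.WebUtility as a stand-in for Server.HtmlEncode and Server.HtmlDecode so that it runs as a console program without an HttpContext; the class name and the second and third sample strings are constructed for illustration.

```csharp
using System;
using System.Net;

// Added example. System.Net.WebUtility is used in place of Server.HtmlEncode /
// Server.HtmlDecode (an assumption of this sketch) so it runs without an HttpContext.
static class CommentEncodingDemo
{
    // Encode exactly once, at the point where stored text is written into HTML.
    static string RenderAsText(string stored)
    {
        return WebUtility.HtmlEncode(stored);
    }

    static void Main()
    {
        string[] samples =
        {
            "this ia<BR>a test",                    // value from the error message above
            "<script>document.title='x'</script>", // constructed sample
            "Tom & \"Jerry\" <b>bold</b>"          // constructed sample
        };

        foreach (string raw in samples)
        {
            string encoded = RenderAsText(raw);
            string decoded = WebUtility.HtmlDecode(encoded);
            string twice = WebUtility.HtmlEncode(encoded);

            // Decoding must give back the original markup unchanged.
            if (decoded != raw)
                throw new InvalidOperationException("round trip failed for: " + raw);

            // After encoding, no raw tag delimiters remain for a browser to parse.
            bool inert = encoded.IndexOf('<') < 0 && encoded.IndexOf('>') < 0;

            Console.WriteLine("raw      : " + raw);
            Console.WriteLine("encoded  : " + encoded + "  (inert: " + inert + ")");
            Console.WriteLine("decoded  : " + decoded);
            // Encoding already-encoded text turns & into &amp; again, so the
            // page would display literal entities such as &lt; to the reader.
            Console.WriteLine("encoded2x: " + twice);
            Console.WriteLine();
        }
    }
}
```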