Monday, January 16, 2012

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client

While I was working on a web shopping project, we were creating email templates to send to users regarding order status. Sometimes we needed to format the email template using HTML tags like <div> or <br>, which ASP.NET prevented. Every time you try to submit HTML tags in an ASP.NET textbox, you get the System.Web.HttpRequestValidationException. So I decided to encode the tags with JavaScript first, so that the server would accept the data, and then decode it in the server action so that the original HTML tags are inserted into the database. Here is the script I added to my aspx page.


<script type="text/javascript">
// HTML-encode a string by letting the browser serialize it as a text node.
function escapeHTML(str)
{
    var div = document.createElement('div');
    var text = document.createTextNode(str);
    div.appendChild(text);
    return div.innerHTML;
}
// Replace the textbox content with its encoded form just before the postback.
function HTMLEncode()
{
    var box = document.getElementById('<%= txtBox.ClientID %>');
    box.value = escapeHTML(box.value);
}
</script>


This is the button used to submit the data to the server, where it is inserted into the database.


<asp:Button ID="btnAdd" runat="server" Text="Add" OnClientClick="HTMLEncode()" OnClick="btnAdd_Click" />


And finally, the server-side decode, which converts the HTML tags back to their original form.



protected void btnAdd_Click(object sender, EventArgs e)
{
    // Decode the client-encoded text back to the original HTML tags
    string Value = HttpUtility.HtmlDecode(txtBox.Text);
    // Insert Value into database
}
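
The decode step above stores whatever HTML arrives, and a client can post already-encoded markup without running the script, so request validation no longer screens this field. As an added example (not code from the original post), here is one way to restrict the decoded value to plain formatting tags before it reaches the database; the class name, method name and tag allowlist are assumptions:

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

public static class EmailTemplateHtml   // hypothetical helper, not from the post
{
    // Assumed allowlist: attribute-free formatting tags only.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(div|br|p|b|i|u|strong|em|ul|ol|li)\s*(/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // submitted: txtBox.Text as posted, i.e. HTML-encoded by the client script.
    public static string Sanitize(string submitted)
    {
        // Same decode step as btnAdd_Click: recover what the user typed.
        string raw = HttpUtility.HtmlDecode(submitted ?? string.Empty);

        // Encode everything again so that no markup is live, including
        // markup that was posted pre-encoded without the client script.
        string encoded = HttpUtility.HtmlEncode(raw);

        // Re-enable only bare allowlisted tags. A tag carrying attributes
        // (onclick=, style=, href=) never matches and stays encoded text.
        return AllowedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant()
                + m.Groups[3].Value + ">");
    }

    public static void Main()
    {
        // Constructed sample input, in the encoded form the client script posts.
        string posted = "&lt;div&gt;Order shipped&lt;br&gt;"
                      + "&lt;script&gt;alert(1)&lt;/script&gt;"
                      + "&lt;div onclick=\"x()\"&gt;hi&lt;/div&gt;";
        Console.WriteLine(Sanitize(posted));
    }
}
```

In btnAdd_Click, the value to insert would then be EmailTemplateHtml.Sanitize(txtBox.Text) rather than the raw decode result.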


I hope you find this useful.
