I know that there has to be a better way to do this. But here goes anyway. I'm doing some testing in a ASP.NET prototype that will later become a Web Service. For now, I'm just serializing the response per Jeff's snippet and showing within a ASP.NET TextBox server control. However, when I do a second postback, I get this error.
A potentially dangerous Request.Form value was detected from the client...
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBoxResult="...="1.0"?> <RespType ...").
I know that helping the application prevent malicious input is a good thing in this crazy evil world, but I trust the input since I am the only user of this test code. So, I want to disable this. ASP.NET to the rescue again. Just add a ValidateRequest="false" to the @Page attribute in the ASPX file to disable the feature for the current page. You could also disable for all applications in the Machine.Config, but DO NOT DO THAT.
Another option would be to encode the output to the client with the following: Server.HtmlEncode( TextBox1.Text ). Then, is doesn't appear as XML b/c all of the tag brackets are now text equivalents. However, it doesn't look like XML anymore.
Anyway, this is just a testing fact, not to be used in production...
11:01:06 AM
|