Showing custom error message on exception: A potentially dangerous Request.Form value was detected from the client
Here are a few examples of how to provide a friendlier error msg:
http://romsteady.blogspot.com/2007/06/how-to-catch-httprequestvalidationexcep.html
How to catch HttpRequestValidationException in production
The thing you need to keep in mind is that this exception is thrown before you page code happens. So you normally cannot catch the error in your page code, but only in Application_Error.
I have not tried this myself, but this site gives a alternative way to allow your page code to execute, but still protect yourself from malicious input using the built in logic, as well as catching the exception within your own code.
Related videos on Youtube
Aishwarya Shiva
With over 10 years of experience providing thorough and skillful advice in software development, digital marketing, PC troubleshooting and other tech related issues to both individuals and businesses. Use this VIP link and give me a call for free .NET, C#, ASP.NET, MVC, JAVA, PHP, WCF, WPF etc. consultation: https://clarity.fm/aishwaryashiva/early638
Updated on September 21, 2022Comments
-
Aishwarya Shiva over 1 year
I am using Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occures
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
it occurs when a user try to do sql injection attack or some HTML or SCRIPT operations by entering them in Username text field of Login control. I tried many things such as enclosing the authentication login in try catch block and catching theSystem.Web.HttpRequestValidationException
exception also doing same for an event created by me as same as onTextChange for Username TextBox. But all these tries failed. Please tell me how to check for this exception and display a nice funny message to the attacker?-
MethodMan almost 12 yearsCan you please past an example of what the code looks like in regards to what you are trying to accomplish..?? thanks
-
Iain Galloway almost 9 yearsIf you're using IIS7+ there's a simpler solution here:- stackoverflow.com/questions/30071341/…
-