Freetextbox and validating requests

Question

I am using freetextbox and have added to the web.config of my app but I still get the following error when submitting text with html:

A potentially dangerous Request.Form value was detected from the client (ctl00_MainContent_FreeTextBox1="

I know this is not the preferred way to set up an app but why am I getting these errors even though I have turned off request validation in my app?

I should add that this is a temporary work around for an internal site and I will fix this the right way later — , Jul 10 '09 at 20:48
Did you ever fix this? It seems pretty straightforward in that it's the request validation causing you issues. Did you ever figure out what was not keeping it turned on? — Harv, Jul 20 '09 at 15:45
I'm having this same problem. I've disabled it in every single place I've seen mentioned on the web and it's still doing it. — BarrettJ, Feb 21 '11 at 17:24

Harv · Answer 1 · 2009-07-10T21:01:58.487

2

The short answer is you shouldn't be getting such an error if you turned off Request Validation.

Did you do one of these two things correctly?

Disable on the page by inserting this at the top of the ASPX
Add the below section to your web.config.

<configuration>

<system.web>

<pages validateRequest="false" />

</system.web>

</configuration>

If that doesn't work then check the machine.config and see if the pages validaterequest value is set to true in there as that would override the web.config.

edited Jul 10 '09 at 21:01

answered Jul 10 '09 at 20:49

Harv

555
6
17

Well, that's interesting, because if you are using webforms putting the web.config value in there should disable request validation across the whole app. Is it possible that the machine.config has an explicit setting for that key with a different value in it? That would override what you have in your web.config. – Harv Jul 10 '09 at 21:00

score 1 · Answer 2 · answered Sep 20 '12 at 11:08

1

I had the same problem, and it was actually my fault. Maybe you have done the same mistake: I placed <httpRuntime requestValidationMode="2.0"/> inside <configuration><location><system.web> instead of <configuration><system.web>.

answered Sep 20 '12 at 11:08

bokkie

1,477
4
21
40

score 0 · Answer 3 · answered Jul 10 '09 at 20:46

0

Ensure that you haven't enabled request validation for this page. I would keep validation running for your site - but turn it off on pages where you need this control.

Be sure to sanitize anything that gets posted and be prudent about security.

answered Jul 10 '09 at 20:46

rifferte

1,392
1
13
21

I definitely have not enabled request validation for the page, although there is a master page – Jul 10 '09 at 20:48
request validation is enabled by default, so you need to turn it off – Matthew Groves Jul 10 '09 at 20:55
I did turn it off in the page and in the web.config – Jul 10 '09 at 21:03

Freetextbox and validating requests

3 Answers3