asp.net - A potentially dangerous Request.Form value was detected from the client (textboxError="<Responses><Response...") -
i'm using ozeki ng sms gateway. i'm unable send sms mobile. please me send sms through net mobile
a potentially dangerous request.form value detected client (textboxerror=". after setting value, can disable request validation setting validaterequest="false" in page directive or in configuration section. however, recommended application explicitly check inputs in case. more information, see http://go.microsoft.com/fwlink/?linkid=153133.
exception details: system.web.httprequestvalidationexception: potentially dangerous request.form value detected client (textboxerror="
and cs file is
using system; using system.data; using system.configuration; using system.web; using system.web.security; using system.web.ui; using system.web.ui.webcontrols; using system.web.ui.webcontrols.webparts; using system.web.ui.htmlcontrols; using system.net; using system.text.regularexpressions; public partial class _default : system.web.ui.page { protected void page_load(object sender, eventargs e) { textboxrecipient.width = 400; textboxmessage.width = 450; textboxmessage.rows = 10; textboxerror.width = 400; textboxerror.rows = 5; textboxerror.forecolor = system.drawing.color.red; textboxerror.visible = false; textboxerror.text = ""; if (!page.ispostback) { textboxrecipient.text = "+441234567"; textboxmessage.text = "hello world!"; } } protected void buttonsendonclick(object sender, eventargs e) { //are required fields filled in: if (textboxrecipient.text == "") { textboxerror.text += "recipient(s) field must not empty!\n"; textboxerror.visible = true; return; } //we creating necessary url string: string ozsurl = "http://127.0.0.1"; //where ozeki ng sms gateway running string ozsport = "9501"; //port number ozeki ng sms gateway listening string ozuser = httputility.urlencode("admin"); //username successful login string ozpassw = httputility.urlencode("admin"); //user's password string ozmessagetype = "sms:text"; //type of message string ozrecipients = httputility.urlencode(textboxrecipient.text); //who message string ozmessagedata = httputility.urlencode(textboxmessage.text); //body of message string createdurl = ozsurl + ":" + ozsport + "/httpapi" + "?action=sendmessage" + "&username=" + ozuser + "&password=" + ozpassw + "&messagetype=" + ozmessagetype + "&recipient=" + ozrecipients + "&messagedata=" + ozmessagedata; try { //create request , send data ozeki ng sms gateway server http connection httpwebrequest myreq = (httpwebrequest)webrequest.create(createdurl); //get response ozeki ng sms gateway server , read answer httpwebresponse myresp = (httpwebresponse)myreq.getresponse(); system.io.streamreader respstreamreader = new system.io.streamreader(myresp.getresponsestream()); string responsestring = respstreamreader.readtoend(); respstreamreader.close(); myresp.close(); //inform user textboxerror.text = responsestring; textboxerror.visible = true; } catch (exception) { //if sending request or getting response not successful ozeki ng sms gateway server may not run textboxerror.text = "ozeki ng sms gateway server not running!"; textboxerror.visible = true; } } } and asp page is
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ozeki ng sms gateway message sending example</title> </head> <body> <center> <form id="smsdata" runat="server"> <asp:table id="smstable" runat="server" style="text-align:left; border-width:thin; border-color:silver;" borderstyle="solid"> <asp:tablerow> <asp:tablecell columnspan="2"> <b>compose message:</b> <br /> <br /> </asp:tablecell> </asp:tablerow> <asp:tablerow> <asp:tablecell horizontalalign="left" verticalalign="top"> <asp:label id="labelrecipient" runat="server" text="recipient: "></asp:label> </asp:tablecell> <asp:tablecell> <asp:textbox id="textboxrecipient" runat="server"></asp:textbox> </asp:tablecell> </asp:tablerow> <asp:tablerow> <asp:tablecell horizontalalign="left" verticalalign="top"> <asp:label id="labelmessage" runat="server" text="message text: "></asp:label> </asp:tablecell> <asp:tablecell> <asp:textbox id="textboxmessage" runat="server" textmode="multiline"></asp:textbox> </asp:tablecell> </asp:tablerow> <asp:tablerow> <asp:tablecell columnspan="2" horizontalalign="center"> <asp:button id="buttonsend" runat="server" text="send message" onclick="buttonsendonclick" /> </asp:tablecell> </asp:tablerow> <asp:tablerow> <asp:tablecell columnspan="2" horizontalalign="center"> <asp:textbox id="textboxerror" runat="server" borderstyle="none" textmode="multiline"></asp:textbox> </asp:tablecell> </asp:tablerow> </asp:table> </form> </center> </body> </html>
your problem value of 1 of fields (textboxerror) includes xml- or html-style tags, default disallowed avoid developers introducing potential security issues within applications.
the solution given in error message; need add validaterequest="false" in either @page directive @ top (omitted in sample) or in web.config.
note if you're using .net 4, need drop validation mode 2.0, altering web.config , adding:
<system.web> <httpruntime requestvalidationmode="2.0" /> </system.web> see this msdn article on requestvalidationmode more information on requestvalidationmode.
Comments
Post a Comment