HTML tags in textbox causes ValidateRequest exception

[IT4EVR]

On a web form I have a text box and when someone enters html tags in the text box, it throws the infamous exception:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client

One "fix" is to set ValidateRequest to false in the page or config file, but I am not really interested in opening up my code to scripting attacks. The best approach would be to disallow html tags from text boxes.

What are some other approaches?

 

[ca8msm]

You could use a RegularExpression to allow certain items. Aslo, have a look at the approach from:

http://codebetter.com/blogs/peter.van.ooijen/archive/2005/10/21/133505.aspx

____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.