vb.net - ASP.NET Snowman in Validation Error -


we've been experiencing problem on our site in internet explorer 8.

we have form, when submitted in ie8 displays validation exception, claiming character "☃" potentially dangerous.

system.web.httprequestvalidationexception (0x80004005): potentially dangerous request.form value detected client (_utf8="☃").

the funny thing character not typed in, , not part of our vb .net project.

if set page validaterequest = "false", error goes away, fear opening ourselves xss attacks. sanitise our own inputs, rather got source of problem, rather creating work around.

this thread regarding ruby seems interesting, we're unsure how applies our situation: what _snowman param in ruby on rails 3 forms for?

also worth considering form works in other browsers have tested (ie11, chrome, fire fox, opera).

you can override specific case in request validator (excuse c#, you'll able translate it):

public class enhancedrequestvalidator : requestvalidator {   protected override bool isvalidrequeststring(httpcontext context, string value, requestvalidationsource requestvalidationsource, string collectionkey, out int validationfailureindex) {     if (!string.isnullorempty(value)) {       value = value.replace("_utf8=\"☃\"", string.empty);     }     return base.isvalidrequeststring(context, value, requestvalidationsource, collectionkey, out validationfailureindex);   } } 

and in web.config

<system.web>   <httpruntime      requestvalidationtype="contosco.web.enhancedrequestvalidator, contosco.web" /> </system.web> 

Comments

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

openid - Okta: Failed to get authorization code through API call -

ios - Change Storyboard View using Seague -