Request.Form value was detected from the client …’ and need to get around this somehow. When I looked at the database it has text like <ol><li>text</li></ol> in it. I hate to do a mass UPDATE as I am afraid it may not display correctly on the old classic ASP site. Any ideas? Thanks.
<httpRuntime requestValidationMode="2.0" />
in your web.config. If you are setting this option, ensure that you take steps to protect against genuine attacks.
Please refer to the link below, which discusses a similar scenario and how to overcome it.
Use HtmlEncode() on the value so they will display literally. I think that will work.
Use <%# Server.HTMLEncode(Bind("FaqResponse")) %>. It will display the HTML-encoded string in your text box.
is that it gave them an automatic numbered list. They use this text field for instructions, etc. and I would like to allow them to have numbered paragraphs when they display the text in a Label control (which it does now) and also in a TextBox control when they edit or insert rows.
The first thing I would like to mention is that you should be (if you are not already) aware of the XSS (cross-site scripting) risks involved. So if you don’t already know, gather some basic information. Secondly, Microsoft does have an AntiXSS library that you should use. Download the library from the following link:
This library will give you many options to cleanse your data so that request validation won’t fail.
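An added example, not code from any post in this thread and not the AntiXSS library: one way to keep numbered lists such as <ol><li>text</li></ol> while treating everything else as text is to HTML-encode the whole value and then restore only a short allow-list of attribute-free tags. The class name ListMarkupSanitizer and the tag list are assumptions chosen for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper: the name and the allow-list are assumptions for this example.
public static class ListMarkupSanitizer
{
    // After encoding, an allowed tag looks like "&lt;ol&gt;" or "&lt;/li&gt;".
    // Only bare tags match, so "&lt;ol onmouseover=...&gt;" stays encoded.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(ol|ul|li|p|br)\s*(/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;

        // 1. Encode everything so that no client-supplied markup survives.
        string encoded = WebUtility.HtmlEncode(input);

        // 2. Restore only the attribute-free tags on the allow-list.
        return AllowedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value
                + m.Groups[2].Value.ToLowerInvariant()
                + m.Groups[3].Value + ">");
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the thread's database.
        string[] samples =
        {
            "<ol><li>Unplug the device</li><li>Wait 10 seconds</li></ol>",
            "<ol onmouseover=\"alert(1)\"><li>step</li></ol>",
            "<script>alert(1)</script><li>ok</li>",
        };

        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

The first sample comes back unchanged. In the other two, the tag carrying an attribute and the script tag come out encoded and display as literal text, while the bare li tags are restored.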
you have a fool-proof method. Thanks.
That would be the best choice if you do not want to add anti XSS library. Request validation is there to protect you from XSS, and you need other libraries only when you decide to allow seemingly malicious data to enter into your system (by turning off request