Posted by : Deepak Vasudevan Thursday, September 11, 2003

Cross-site scripting often gets talked about during site updates and is then forgotten. If you have installed .NET Framework 1.1, script and HTML tags submitted via query strings or HTML form fields are stopped by the framework with a message similar to the following one:

A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.


Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").

Of course, the framework gives an option to exempt a page from this HTTP request validation. But it is strongly recommended to have the framework validate your requests before they are processed by our scripts. Isn't it?
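
The error text above recommends that an application explicitly check all inputs if request validation is turned off. As an added example (not code from the original post), here is one such check for a link-valued parameter like DocLinkUrl_Begin: accept only absolute http/https URLs and HTML-encode the result before writing it into the page. The class and method names are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.Web; // HttpUtility.HtmlEncode

// Hypothetical helper (not from the original post): explicit validation of a
// URL-valued request parameter, for pages where validateRequest is disabled.
public static class LinkParameter
{
    // Returns true and an HTML-encoded absolute URL only for http/https links.
    public static bool TryGetSafeHref(string raw, out string encodedHref)
    {
        encodedHref = null;
        if (raw == null || raw.Trim().Length == 0)
            return false;

        Uri uri;
        try
        {
            uri = new Uri(raw.Trim()); // throws on relative or malformed input
        }
        catch (UriFormatException)
        {
            return false;
        }

        // Allowlist the scheme: javascript:, data:, file: and the rest are rejected.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
            return false;

        // Encode for the HTML context it is written into (a double-quoted href).
        encodedHref = HttpUtility.HtmlEncode(uri.AbsoluteUri);
        return true;
    }

    public static void Main()
    {
        // Constructed sample values, standing in for Request.QueryString["DocLinkUrl_Begin"].
        string[] samples = {
            "http://example.com/doc?id=1&page=2",
            "javascript:void(0)",
            "\"><b>not a url</b>",
            ""
        };
        foreach (string s in samples)
        {
            string href;
            bool ok = TryGetSafeHref(s, out href);
            Console.WriteLine("{0,-40} -> {1}", s, ok ? href : "rejected");
        }
    }
}
```

In a page, the value passed in would be Request.QueryString["DocLinkUrl_Begin"], and a rejected value should be dropped rather than echoed back in the response.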

