jeremyh
  •  jeremyh
  • 52.4% (Neutral)
  • YAF Forumling Topic Starter
2010-06-29T13:38:49Z
After a new clean install of 1.9.4-FINAL when I try a save of "Host Settings" I get the following error:

Edit: This is a Windows Server 2008 box with IIS7.



A potentially dangerous Request.Form value was detected from the client (forum$ctl01$HostSettingsTabs$View7$UserBox="<yaf:avatar /><div c...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133 .

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (forum$ctl01$HostSettingsTabs$View7$UserBox="<yaf:avatar /><div c...").
Sponsor
Jaben
  •  Jaben
  • 100% (Exalted)
  • YAF Developer
2010-06-29T15:40:39Z
I'm am going to repeat exactly what the error says:

Set <pages validateRequest="false"> in the web.config. Since you are using .NET v4, you have to follow additional steps listed -- add <httpRuntime requestValidationMode="2.0">
jeremyh
  •  jeremyh
  • 52.4% (Neutral)
  • YAF Forumling Topic Starter
2010-06-29T16:01:31Z
Great, thank you. It was the <httpRuntime requestValidationMode="2.0"> which I was missing.

(Goes within the <system.web> section in case anyone else runs across this thread.)
cagliostro
2010-08-23T13:33:25Z

Where are those "extra steps" for Net4 documented ? I can't find them anywhere ....

thanks

About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button

Project Twitter Updates

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved