How to overcome the error "A potentially dangerous Request.Form value"

To guard against script injection attacks (where hackers used forms as a way to try to break into Microsoft systems through applications), .NET added strong monitoring of form data entry that sniffs out "potentially dangerous" strings entered via a form. That is why special characters in forms throw this error. To avoid it, we need to do the following.

First, set the page directive:

<%@ Page validateRequest="false"  %>

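Secondly, we need to HTML-encode all form data. This way, any seemingly dangerous characters that look like application code, such as "<" or ">", are converted to their harmless encoded values. With request validation turned off for the page, this encoding is what keeps submitted markup from being rendered as HTML.

E.g. Server.HtmlEncode(text1.Text)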
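
The two steps above combined in one single-file Web Forms page, as an added example that is not part of the original post. The control names (txtComment, btnSubmit, lblEcho) and the length limit are assumptions made for the illustration.

```aspx-cs
<%@ Page Language="C#" validateRequest="false" %>
<%-- Added example, not from the original post. Control names are made up.
     On ASP.NET 4.0 and later the page-level setting is only honoured when
     web.config contains <httpRuntime requestValidationMode="2.0" />. --%>
<script runat="server">
    // Upper bound on accepted input; the value is an assumption for this example.
    private const int MaxCommentLength = 500;

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // With validateRequest="false" this value reaches the handler unfiltered.
        string raw = txtComment.Text ?? string.Empty;

        if (raw.Length > MaxCommentLength)
        {
            lblEcho.Text = "Comment is too long.";
            return;
        }

        // Label.Text is written into the response as-is, so encode it here.
        // "<b>hi</b>" becomes "&lt;b&gt;hi&lt;/b&gt;" and is displayed as text.
        lblEcho.Text = Server.HtmlEncode(raw);

        // If the value is also stored, keep the raw string and encode it
        // again at every place where it is later written into a page.
    }
</script>
<html>
<body>
    <form id="form1" runat="server">
        <asp:TextBox ID="txtComment" runat="server" TextMode="MultiLine" />
        <asp:Button ID="btnSubmit" runat="server" Text="Submit"
                    OnClick="btnSubmit_Click" />
        <p><asp:Label ID="lblEcho" runat="server" /></p>
    </form>
</body>
</html>
```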

