This error is caused because the .NET framework detected HTML in an input control (e.g. TextBox). I've highlighted 3 possible ways to get round the issue, all with their advantages and disadvantages:
1. Add the following to the existing Page directive on the relevant pages.
<%@ Page Language="C#" MasterPageFile="~/Master.master" ValidateRequest="false" AutoEventWireup="true" CodeFile="Default.aspx.cs"
Inherits="_Default" %>
2. Add the following to the Web.config within the <system.web> section (globally disable request validation). This will allow users to enter HTML into controls which could be harmful or result in undesirable consequences.
<system.web>
<pages validateRequest="false" />
</system.web>
3. Unless you need users to be able to enter HTML into a form, make sure all HTML displayed in controls is encoded.
lblTextBox.Text = HttpUtility.HtmlEncode( lblTextBox.Text );
No comments:
Post a Comment