c# - A potentially dangerous Request.Form value was detected from the client Exception -

-

we have internet site on 2 servers load balance server code identical on both servers 1 of servers shows below exception every minut, "$maincontent$aspcontrol" changing each time.

a potentially dangerous request.form value detected client (ctl00$maincontent$drpownernationality="...lect'"()&%<acx><script >prompt...").   @ system.web.httprequest.validatestring(string value, string collectionkey, requestvalidationsource requestcollection)    @ system.web.httprequest.validatehttpvaluecollection(httpvaluecollection collection, requestvalidationsource requestcollection)    @ system.web.httprequest.get_hasform()    @ system.web.ui.page.getcollectionbasedonmethod(boolean dontreturnnull)    @ system.web.ui.page.determinepostbackmode()    @ system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)    @ system.web.ui.page.processrequest(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)    @ system.web.ui.page.processrequest()    @ system.web.ui.page.processrequest(httpcontext context)    @ system.web.httpapplication.callhandlerexecutionstep.system.web.httpapplication.iexecutionstep.execute()    @ system.web.httpapplication.executestep(iexecutionstep step, boolean& completedsynchronously)_applicationerror,

i think 1 of control (drpownernationality) has script..asp.net potential xss validation of inputs on form...so detecting script in 1 of controls exceptions states.

problem 1 of user of application entering script in textbox/control , not validting @ client end.

one way validation @ client end , inform users cannot enter scripts in control

other way turn off validation setting validatereqeust attribute on page false

<@ page validaterequest="false" %>

but if have exposed application xss attacks.one way disable validation , encoding of input before processing information...

`httpserverutility.htmlencode(drpownernationality.selectedtext);` // assuming dropdown

Comments

Post a Comment

Popular posts from this blog

java - Run spring boot application error: Cannot instantiate interface org.springframework.context.ApplicationListener -

-
i have spring project , try make use spring boot , run @ embadded tomcat following : https://spring.io/guides/gs/rest-service/ this application //@configuration //@enableaspectjautoproxy @springbootapplication @componentscan(basepackages = "gux.prome") public class application { public static void main(string[] args) { springapplication.run(application.class, args); } } if use maven command: mvn spring-boot:run , project starts fine, need debug , run main method @ intelij, exception occurs: exception in thread "main" java.lang.illegalargumentexception: cannot instantiate interface org.springframework.context.applicationlistener : org.springframework.boot.logging.classpathloggingapplicationlistener @ org.springframework.boot.springapplication.createspringfactoriesinstances(springapplication.java:414) @ org.springframework.boot.springapplication.getspringfactoriesinstances(springapplication.java:394) @ org.springframework.bo...
Read more

reactjs - React router and this.props.children - how to pass state to this.props.children -

-
i'm using react-router first time , don't know how think in yet. here's how i'm loading components in nested routes. entry point .js reactdom.render( <router history={hashhistory} > <route path="/" component={app}> <route path="models" component={content}> </route> </router>, document.getelementbyid('app') ); app.js render: function() { return ( <div> <header /> {this.props.children} </div> ); } so child of app content component sent in. i'm using flux , app.js has state , listens changes, don't know how pass state down this.props.children. before using react-router app.js defines children explicitly, passing state natural don't see how now. using couple of react helper methods can add state, props , whatever else this.props.children render: function() { var children = react.ch...
Read more

Excel VBA "Microsoft Windows Common Controls 6.0 (SP6)" Location Changes -

-
i have excel workbook used generate quotations customers. there main page user inputs data, , there buttons generate various pdfs , send them customer. however, 1 user consistently getting error preventing generating , sending pdfs. i beleive "microsoft windows common controls 6.0 (sp6)". it's installed on users' computers. on mine, location "c:\windows\syswow64\mscomctl.ocx" on others "c:\windows\system32\mscomctl.ocx" the user experiencing issues on 32-bit machine, "mscomctl.ocx" file should in system32. have manually put in there, , pointed common controls reference in vba it. issue seems keep reverting looking in syswow64. since folder doesn't exist, can't find it, , can't produce pdfs. i thought perhaps issue user running older version of office (2007) there users on 2013 , 2016. thought perhaps mixture of 64-bit , 32-bit users. user gets sent workbook other users (as quotation process goes further, gets passed ...
Read more