This is a migrated thread and some comments may be shown as answers.

Captcha HttpRequestValidationException: A potentially dangerous Request

Yeroon asked on 20 Jan 2010, 12:40 PM
Hello,

Just to inform you of an error I got. I can work around it by omitting the culprit symbols from the CaptchaImage-CharSet.

But I got this error with the following setup:

<telerik:RadCaptcha ID="RadCaptcha1" Runat="server" EnableRefreshImage="true"
    CaptchaTextBoxLabel="<br />neem de code over."
    CaptchaLinkButtonText="Genereer nieuwe code"
    CaptchaImage-TextChars="CustomCharSet"
    CaptchaImage-CharSet="ABCDEFGHIJKLMNPQRSTUVWXY@#%&"
    Display="Dynamic"
    ProtectionMode="Captcha"
    RegisterWithScriptManager="true"
    ErrorMessage="Foute code"
    ValidationGroup="submitGroup">
</telerik:RadCaptcha>

At a certain point the code was: JP&#D and that generated the below error:

Server Error in '/PWeb' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (RadCaptcha1$CaptchaTextBox="JP&#D").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (RadCaptcha1$CaptchaTextBox="JP&#D").

Pero
Telerik team
answered on 21 Jan 2010, 09:50 AM
Hello Yeroon,

I believe the problem is caused by the "&#" characters. The Entity Numbers of the HTML character entities start with "&#" and when they are posted to the server, the request is validated as dangerous because the input is interpreted as trying to inject HTML or client-script.

My recommendation is to exclude any characters that might cause possibly dangerous input.

Greetings,
Pero
the Telerik team
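
An added example (not part of the thread and not Telerik's code): a C# check that lists which adjacent character pairs from a captcha character set ASP.NET request validation would reject, and the set that remains once their leading characters are dropped. The "&#" rule is the one named in the answer above; the "<" rules are an assumption based on the .NET Framework 4.x request validation behaviour and may differ in other versions, codes are assumed to be drawn from the set with repetition, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class CaptchaCharSetAudit
{
    // Assumed rule set: a posted value is rejected when it contains "&#",
    // or '<' followed by an ASCII letter, '!', '/' or '?'.
    static bool IsRejectedPair(char first, char second)
    {
        if (first == '&') return second == '#';
        if (first == '<')
            return (second >= 'a' && second <= 'z') || (second >= 'A' && second <= 'Z')
                || second == '!' || second == '/' || second == '?';
        return false;
    }

    // Every adjacent pair the generator could emit from this character set
    // that request validation would reject.
    public static List<string> RejectedPairs(string charSet)
    {
        var chars = charSet.Distinct().ToArray();
        return (from a in chars
                from b in chars
                where IsRejectedPair(a, b)
                select new string(new[] { a, b })).ToList();
    }

    // Drop the leading character of each rejected pair, so that no generated
    // code can contain one of those pairs.
    public static string SafeCharSet(string charSet)
    {
        var starters = new HashSet<char>(RejectedPairs(charSet).Select(p => p[0]));
        return new string(charSet.Where(c => !starters.Contains(c)).ToArray());
    }

    static void Main()
    {
        // Character set taken from the RadCaptcha markup in the question.
        const string charSet = "ABCDEFGHIJKLMNPQRSTUVWXY@#%&";
        Console.WriteLine("Rejected pairs: " + string.Join(" ", RejectedPairs(charSet)));
        Console.WriteLine("Safe set:       " + SafeCharSet(charSet));
    }
}
```

Running the check against the configured character set before deployment keeps request validation enabled for the page while avoiding false rejections of legitimate captcha answers.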
