ASP.NET Request Validation has detected a potentially dangerous client input value

This exception occurs when the server meet content containing un-encoded HTML. This is action for preventing script atacks, for example <script> alert("blabla")</script> can be executed. In this way other harmful code can be executed. The request validation feature of ASP.NET doesn't allow this to be done.
To disable request validation on a page you must set the validateRequest attribute of the Page directive to false. The developer has to ensure that the content is properly encoded.
One more way to disable it is by web.config. You have to set
<pages validaterequest="false">

The HTML content can be encoded/decoded using the Server.HtmlEncode(string)/Server.HtmlDecode(string) functions.


  1. This comment has been removed by a blog administrator.

  2. The request validation function of ASP.NET which, by standard, stops the handling of unencoded HTML material posted to the hosting server.