C# – HttpRequestValidationException on PostBack within UpdatePanel

HttpRequestValidationException occurs when I try to post when txtBulletin contains any HTML, like "Hello<br />World".

Bulletin.aspx

<asp:UpdatePanel ID="upContent" runat="server" UpdateMode="Always">
    <ContentTemplate>
        <div class="content bulletin-content">
            <asp:TextBox ID="txtBulletin" runat="server"
                         TextMode="MultiLine" />
            <div class="bulletin-edit">
                <asp:ImageButton ID="btnSaveBulletin" runat="server" 
                         ImageUrl="~/images/icons/check.gif"
                         CommandName="SaveChanges"
                         OnCommand="btnEditBulletin_Click"
                         Visible="false" />
            </div>
        </div>
    </ContentTemplate>
</asp:UpdatePanel>

Bulletin.aspx.cs

protected void btnEditBulletin_Click(object sender, CommandEventArgs e)
{
    if (e.CommandName == "Edit")
    {
        // Do something
    }
    else if (e.CommandName == "SaveChanges")
    {
        // Do something
    }
    else if (e.CommandName == "Cancel")
    {
        // Do something
    }
}

I have no idea how to bypass this, or why it even does the validation for me. On error, the page no longer handles any PostBack events until I refresh the page.

Best Answer

ASP.NET checks POST values for potentially dangerous strings. This is done to prevent DoS attacks and the like.

To disable this, you'll need to edit the web.config file. Make sure the following element exists under <system.web>:

<pages validateRequest="false" />

Alternatively, to turn off request validation on a page-by-page basis, set the ValidateRequest property to false in the @Page declaration at the top of the ASPX page in question.

EDIT: Included details about how to turn request validation off for specific pages.
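
With request validation turned off as described above, the raw markup typed into txtBulletin reaches btnEditBulletin_Click unchecked, so the value has to be encoded before it is rendered again. The following is an added example, not code from the question or the answer: `BulletinSanitizer` and `ToSafeHtml` are hypothetical names and the sample strings are constructed. It encodes everything and then re-allows only a bare `<br />`.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example, not code from the question or answer.
// BulletinSanitizer and ToSafeHtml are hypothetical names.
public static class BulletinSanitizer
{
    // After WebUtility.HtmlEncode, "<br>", "<br/>" and "<br />" become
    // "&lt;br&gt;", "&lt;br/&gt;" and "&lt;br /&gt;". Only those exact
    // encoded forms (no attributes) are turned back into a line break.
    private static readonly Regex EncodedBr =
        new Regex(@"&lt;br\s*/?&gt;", RegexOptions.IgnoreCase);

    // Encode everything first, then re-allow the single tag the bulletin needs.
    public static string ToSafeHtml(string rawBulletin)
    {
        string encoded = WebUtility.HtmlEncode(rawBulletin ?? string.Empty);
        return EncodedBr.Replace(encoded, "<br />");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs standing in for txtBulletin.Text.
        string[] samples =
        {
            "Hello<br />World",               // the value from the question
            "Hi<script>doSomething()</script>", // stays encoded, never runs
            "<br onclick=\"x()\">text",       // br with an attribute stays encoded
            "a < b & c"                       // plain text with special characters
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-36} => {1}", s, BulletinSanitizer.ToSafeHtml(s));
        }
    }
}
```

In the page handler this would be called on `txtBulletin.Text` before the value is written back to the page. On ASP.NET 4.0 and later, the page-level `ValidateRequest="false"` setting only takes effect when `<httpRuntime requestValidationMode="2.0" />` is also set in web.config.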