PDA

Click to See Complete Forum and Search --> : "A potentially dangerous Request.Form value was detected from the client"

THY02K
June 8th, 2009, 07:51 AM
I have embedded some secret in my webpage:


<input name="ctl00$txtEncryptedAuthToken" type="hidden" id="ctl00_txtEncryptedAuthToken" value="2'*—d-&amp;#171;Y‚&amp;#251;&amp;#176;&amp;#237;F7&amp;#224;_]tL&amp;#175;%v&amp;#241;5&amp;gt;&amp;gt;8&amp;#209;&amp;#215;&amp;#160;œf&amp;#253;&amp;#248;&amp;#178;&amp;#176;&amp;#200;&amp;#164;z&amp;#187;&amp;#208;&amp;#220;J&amp;#220;‚&amp;#209;Ÿ&amp;#245;p'/g&amp;#237;`„@&amp;#214;d?&amp;#225;&amp;#208;&amp;#186;&amp;#226;&amp;#247;&amp;#179;+)&amp;#225;&amp;#252;*e/(&amp;#228;;&amp;#215;S›&amp;#211;&amp;#239;&amp;#184;&amp;#252;_r&amp;#239;&amp;#201;&amp;#191;�&amp;#207;J&amp;#162;}2R9&amp;#229;žv(›&amp;#230;&amp;#232;—&amp;gt;q)&amp;#163;&amp;#232;ŠEY&amp;#218;&amp;#193;&amp;#226;&amp;#224;&amp;#187;&amp;#162;&amp;quot;&amp;#173;&amp;#179;Ÿ&amp;#168;&amp;#166;—&amp;#227;�&amp;#215;€w&amp;#168;9,&amp;#161;&amp;#219;&amp;quot;&amp;#168;�LhŸqž&amp;#217;&amp;#225;&amp;#250;&amp;#201;&amp;#236;&amp;#163;ˆ&amp;#221;&amp;#190;&amp;#208;Q&amp;#231;˜&amp;#173Wink&amp;#246;&amp;#179;wG&amp;#209;&amp;#176;P&amp;#219;&amp;#223;hpNu•&amp;#222;&amp;#188;’&amp;#210;V&amp;#210;&amp;#241;&amp;#195;
T&amp;#255;X=r&amp;#239;&amp;#219;‰h&amp;#235;tŒ&amp;#191;" />


And on postback I get: "A potentially dangerous Request.Form value was detected from the client"

okay I understand this, http://www.cryer.co.uk/brian/mswinswdev/ms_vbnet_server_error_potentially_dangerous.htm[^]

But I don't think it is open/close tag (because there isn't one and I already HtmlEncode the string before I stick it on the page). And I certainly don't want to turn off page validation by setting ValidateRequest="false". What other alternative do I have?

Note difference between big/small open bracket character however:
› small bracket
> big/open bracket

Thanks