Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeGetting StartedGetting StartedInstalling DNN ...Installing DNN ...[5.4.0] A potentially dangerous Request.QueryString[5.4.0] A potentially dangerous Request.QueryString
Previous
 
Next
New Post
4/29/2010 6:34 AM
 
chris martin

Joined: 4/21/2010
Posts: 2

 

Hi

Thanks for the reply.

The error message is copied below and sorry, yes, I am running version 4.0.

Chris

 

 

A potentially dangerous Request.QueryString value was detected from the client (error="...$SkinLst="<Use Default Site Sk...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (error="...$SkinLst="<Use Default Site Sk...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (error="...$SkinLst="<Use Default Site Sk...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_QueryString() +56
   DotNetNuke.HttpModules.UrlRewriteModule.RewriteUrl(HttpApplication app) +375
   DotNetNuke.HttpModules.UrlRewriteModule.OnBeginRequest(Object s, EventArgs e) +1199
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 
 
New Post
5/10/2010 10:07 AM
 
Anas Ghanem


Joined: 9/3/2006
Posts: 47
This is happening because in ASP.NET 4, the RequestValidation will occure for any asp.net resource and not only the aspx resources.As a result, the DNN url rewrite module is throwing that exception. I blogged abou this issue in this link: http://weblogs.asp.net/anasghanem/archive/2010/05/10/you-may-get-quot-a-potentially-dangerous-request-querystring-value-was-detected-from-the-client-quot-after-upgrading-to-asp-net-4.aspx
Anas Ghanem,
My blog
 
New Post
8/11/2010 12:23 PM
 
lauren meyers

Joined: 9/18/2003
Posts: 40
I am getting the same error following upgrade to .Net 4.0. The application is running in 4.0 app pool, however at time of setup it may not have been. In any case I manually added the "requestValidationMode=2.0" to web config which resolved the problem. Now upon compile within VS 2008 this 'requestValidationMode' throws an unrecognized attribute error. I assume this is because build target .Net 3.5 (does not offer 4.0). Is the only solution to roll back to earlier version of .Net if using VS 2008?
 
New Post
3/24/2011 10:20 AM
 
Judy Vedder


arukor.com
Joined: 2/14/2008
Posts: 142
I just ran into this error when I was trying to open a freshly installed DNN 5.6.1 website using vs 2010.  In searching for a solution I found this DNN thread and I also found this thread http://forums.asp.net/p/1550353/3799820.aspx

In the forums.asp.net thread I found good detailed answers(read all the way through to the end of my explanation for the full answer)

First detail:
In the web.config file, within the <system.web> tags, insert the httpRuntime element with the attribute requestValidationMode="2.0". Also add the validateRequest="false" attribute in the pages element.

Example:

<configuration>
  <system.web>
   <httpRuntime requestValidationMode="2.0" />
  </system.web>
  <pages validateRequest="false">
  </pages>
</configuration>

 2. Detail was that the <pages validateRequest="false"> was not needed - I did not add this to my web.config

3. I found that this is already in the web.config

<httpRuntime useFullyQualifiedRedirectUrl="true" maxRequestLength="8192" requestLengthDiskThreshold="8192" />

So I only had added the requestValidationMode="2.0" to the end to create the following -

<httpRuntime useFullyQualifiedRedirectUrl="true" maxRequestLength="8192" requestLengthDiskThreshold="8192" requestValidationMode="2.0" />

This corrected the problem.

Question:
Earlier in the DNN thread Cathlin said that this is handled by DNN at the server level and this only occurs if you open it in vs2010 - why is this line not in the web.config when it is released. There was a short-time where creating a local DNN was a breeze, you simply created a folder, unzipped the DNN installation, opened the website in visual studio, and did an auto install and then you were ready to work. It is important that ease be carried forward.  Now if I have to modify the web.config before I can work in vs 2010 we have gone backwards in productivity!

Hope this detail helps others.

Judy
 
New Post
3/24/2011 11:20 AM
 
Erik van Ballegoij


Erik van Ballegoij's Avatar

erikvanballegoij.com
Joined: 4/7/2004
Posts: 4445
> why is this line not in the web.config when it is released.

my guess would be that this is because DNN does not require .Net 4.0 yet...
Erik van Ballegoij, Former DNN Corp. Employee and DNN Expert

DNN Blog | Twitter: @erikvb | LinkedIn: Erik van Ballegoij on LinkedIn
 
 Page 2 of 3
Previous123Next 
Previous
 
Next
HomeHomeGetting StartedGetting StartedInstalling DNN ...Installing DNN ...[5.4.0] A potentially dangerous Request.QueryString[5.4.0] A potentially dangerous Request.QueryString


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out