On Sat, 2005-08-06 at 12:57 +0200, Jan Waiz wrote: > In an aspx-File i receive in the Page_Load via
> this.Request.QueryString[“ID”]; > a Paramter without any Problem. > When trying to call an other aspx-File via: > this.Response.Redirect( “MyForm.aspx” ); > I got an Runtime-Error: > > A potentially dangerous Request.Form value was detected from the > client You can disable that behavior by setting the @Page attribute ValidateRequest to false. It's value is set to true by default as a mean to protect programmers from themselves. If you set that to false you have to know what you're doing with the input you get. Specifically, UrlEncode/UrlDecode or HtmlEncode/HtmlDecode the values before sending them back to the user to prevent XSS attacks. -Gonzalo _______________________________________________ Mono-list maillist - Mono-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-list