IdentityServer2 icon indicating copy to clipboard operation
IdentityServer2 copied to clipboard
verified publisher icon IdentityServer

A potentially dangerous Request.Form value in Password

Open lestersconyers opened this issue 11 years ago • 0 comments

When a user attempts to enter a password that contains an angle bracket, they get an error that states

A potentially dangerous Request.Form value was detected from the client (Password="87s*17s(~<Z81dxs)1z")

Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.

This is default ASP.NET behavior but I'm tempted to allow "dangerous" content for the password as I don't think it's wise to limit the wildcard characters a user can choose. Has anyone else run across this dilemma? What are you thoughts?

lestersconyers avatar Jan 20 '15 16:01 lestersconyers