Interesting Little Note From Firefox



SurferJoe46
04-04-2007, 03:14 AM
The little security guy who lives in my computer told me something this morning:

Server Error in '/SpecialMemories' Application.

A potentially dangerous Request.QueryString value was detected from the client (url="...ories/JavaScript:void(0);").

Description:
Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details:
System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (url="...ories/JavaScript:void(0);").

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

This is a lot of gibberish..right? I have the stack trace if someone can actually read what it says:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (url="...ories/JavaScript:void(0);").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +240
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_QueryString() +122
System.Web.UI.Page.GetCollectionBasedOnMethod() +85
System.Web.UI.Page.DeterminePostBackMode() +128
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

Should I think this was handled or did it get through?

TGoddard
04-04-2007, 08:44 AM
Don't sweat about it. The web developer is just using some stupid antics with XMLHTTPRequest stuff. The phrase "javascript:void(0);" basically means "do nothing" and should not be part of an XMLHTTPRequest URL -- this simply makes no sense.
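
The explicit input check that the error text recommends, sketched in C# for a `url`-style query value like the one in the error (an added example, not code from this thread or from the site involved). The class and method names, the sample values and the substring filter are assumptions; the filter is a simplified stand-in for pattern-based rejection, not ASP.NET's own implementation.

```csharp
using System;
using System.Linq;

static class LinkParam
{
    static readonly string[] AllowedSchemes = { "http", "https" };

    // Assumption: simplified stand-in for a pattern-based filter, not ASP.NET's own code.
    public static bool SubstringFlag(string raw) =>
        raw.IndexOf("javascript:", StringComparison.OrdinalIgnoreCase) >= 0;

    // Explicit check: decide by the parsed scheme, not by what the text happens to contain.
    public static bool IsAllowed(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return false;
        // Browsers ignore tab/CR/LF inside a URL and leading spaces, so drop spaces
        // and ASCII control characters before classifying (used for classification only).
        string s = new string(raw.Where(c => c > ' ').ToArray());
        if (s.Length == 0 || s.IndexOf('\\') >= 0) return false;

        int colon = s.IndexOf(':');
        int delim = s.IndexOfAny(new[] { '/', '?', '#' });
        bool hasScheme = colon >= 0 && (delim < 0 || colon < delim);
        if (hasScheme)   // absolute URL: the scheme must be on the allowlist
            return AllowedSchemes.Contains(s.Substring(0, colon), StringComparer.OrdinalIgnoreCase);
        return !s.StartsWith("//", StringComparison.Ordinal);   // relative, but not protocol-relative
    }

    static void Main()
    {
        // Constructed sample values; example.test is a placeholder host.
        string[] samples =
        {
            "/SpecialMemories/JavaScript:void(0);",
            "http://example.test/SpecialMemories/JavaScript:void(0);",
            "JavaScript:void(0);",
            "Java\tScript:void(0);",
            "//example.test/page",
            "/SpecialMemories/album.aspx?id=7",
        };
        foreach (string v in samples)
            Console.WriteLine("{0,-58} substring={1,-5} explicit={2}",
                v.Replace("\t", "\\t"), SubstringFlag(v), IsAllowed(v) ? "allow" : "reject");
    }
}
```

The first two samples trip the substring filter but pass the explicit check, because there `JavaScript:` sits inside the path and is never interpreted as a scheme; the bare and tab-split forms are rejected. Output encoding is still needed wherever the value is written into a page.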

Shortcircuit
04-04-2007, 09:06 AM
A more pertinent question would be:

Are they your special memories in trouble or do they belong to 'the security guy who lives in your computer'? :waughh:

sarel
04-04-2007, 02:27 PM
Are they your special memories in trouble or do they belong to 'the security guy who lives in your computer'?

It's been called senility and some of us more mature members (sounds nice, doesn't it) also suffer from it - even a perfect male specimen like myself. I never thought getting old would be so difficult - the eyes can't read the rugby scores that well anymore so I solved that by getting a bigger TV (lol). Some of the other problems - yeah well, let's rather leave it there.

sarel

Graham L
04-04-2007, 07:47 PM
Special Memories with a null request? That would seem to indicate a boring life.

Perhaps best avoided.