The error you're seeing is caused by the .NET Framework. Thats one of the good things about .NET - it warns you of some types of potentially malicios user input by default. In this case, it is telling you that someone is trying to post HTML code to your page.
The reason this is not allowed is because a user could inject some HTML in there (for example, a bit of javascript redirecting to their own site) and then if you write this data back to clients at any point, the javascript will be executed and users will be redirected to another site (or shown popups, or whatever the malicious user inserted)
If you know that there's no feasible way for this to happen, you can turn off this validation very easily, although it's not reccomended.
<@ Page language="VB" ValidateRequest="false" %>
Or (definitly not reccomended) yo ucan turn it off for the entire site in web.config by adding
<pages ValidateRequest="false" />
into your web.config file.
Instead, what you should do is use something like BBCode and only allow the tags you want, such as [p], [b], [i], etc. that when converted to HTML can't really do any damage at all.
__________________
Minaki Serinde MCP
"Wow, Linux is nearly on-par with Windows ME!"
Please login or register to view this content. Registration is FREE | Please login or register to view this content. Registration is FREE
|
