A potentially dangerous Request.Form value was detected from the client (TextBox1="...tf-16"?>
<xs:schema id="NewDa...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="...tf-16"?>
<xs:schema id="NewDa...").

Source Error: 

[No relevant source lines]

Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\12\65c96b58\17a872ec\App_Web_syqk3h8u.0.cs    Line: 0

Stack Trace: 

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (TextBox1="...tf-16"?>
            <xs:schema id="NewDa...").]
            System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +287
            System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +107
            System.Web.HttpRequest.get_Form() +109
            System.Web.HttpRequest.get_HasForm() +59
            System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +46
            System.Web.UI.Page.DeterminePostBackMode() +71
            System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7992
            System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +158
            System.Web.UI.Page.ProcessRequest() +85
            System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +20
            System.Web.UI.Page.ProcessRequest(HttpContext context) +110
            ASP.default_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\12\65c96b58\17a872ec\App_Web_syqk3h8u.0.cs:0
            System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +317
            System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +65

菜鳥(niǎo)級(jí)解決方案:
由于在.net中,Request時(shí)出現(xiàn)有HTML或Javascript等字符串時(shí),系統(tǒng)會(huì)認(rèn)為是危險(xiǎn)性值。立馬報(bào)錯(cuò)。

解決方案一: 
在.aspx文件頭中加入這句: 
<%@ Page validateRequest="false"  %> 

解決方案二: 
修改web.config文件: 
<configuration> 
  <system.web> 
    <pages validateRequest="false" /> 
  </system.web> 
</configuration> 

因?yàn)関alidateRequest默認(rèn)值為true。只要設(shè)為false即可。

http://www.cnblogs.com/tyeying/archive/2005/11/28/286127.html

請(qǐng)慎用ASP.Net的validateRequest="false"
http://tech.techweb.com.cn/thread-190917-1-2.html
ASP.Net 1.1后引入了對(duì)提交表單自動(dòng)檢查是否存在XSS(跨站腳本攻擊)的能力。當(dāng)用戶試圖用之類的輸入影響頁(yè)面返回結(jié)果的時(shí)候,ASP.Net的引擎會(huì)引發(fā)一個(gè) HttpRequestValidationExceptioin。默認(rèn)情況下會(huì)返回如下文字的頁(yè)面:# c4 L* t; e" z/ R* r' @5 f
3 L% Z- i. R" f* j
以下是引用片段:7 ?1 y2 E' A" M! R5 F9 W
Server Error in '/YourApplicationPath' Application

) P9 i9 u0 R;
  這是ASP.Net提供的一個(gè)很重要的安全特性。因?yàn)楹芏喑绦騿T對(duì)安全沒(méi)有概念,甚至都不知道XSS這種攻擊的存在,知道主動(dòng)去防護(hù)的就更少了。ASP.Net在這一點(diǎn)上做到默認(rèn)安全。這樣讓對(duì)安全不是很了解的程序員依舊可以寫(xiě)出有一定安全防護(hù)能力的網(wǎng)站。; L1 C* n% n! x  c$ @( O8 M

          但是,當(dāng)我Google搜索 HttpRequestValidationException 或者 "A potentially dangerous Request.Form value was detected from the client"的時(shí)候,驚奇的發(fā)現(xiàn)大部分人給出的解決方案竟然是在ASP.Net頁(yè)面描述中通過(guò)設(shè)置 validateRequest=false 來(lái)禁用這個(gè)特性,而不去關(guān)心那個(gè)程序員的網(wǎng)站是否真的不需要這個(gè)特性。看得我這叫一個(gè)膽戰(zhàn)心驚。安全意識(shí)應(yīng)該時(shí)時(shí)刻刻在每一個(gè)程序員的心里,不管你對(duì)安全的概念了解多少,一個(gè)主動(dòng)的意識(shí)在腦子里,你的站點(diǎn)就會(huì)安全很多。
        為什么很多程序員想要禁止 validateRequest 呢?有一部分是真的需要用戶輸入"<>"之類的字符。這就不必說(shuō)了。還有一部分其實(shí)并不是用戶允許輸入那些容易引起XSS的字符,而是討厭這種報(bào)錯(cuò)的形式,畢竟一大段英文加上一個(gè)ASP.Net典型異常錯(cuò)誤信息,顯得這個(gè)站點(diǎn)出錯(cuò)了,而不是用戶輸入了非法的字符,可是自己又不知道怎么不讓它報(bào)錯(cuò),自己來(lái)處理報(bào)錯(cuò)。! v/ r6 t/ r& q/ H( Z& i
          對(duì)于希望很好的處理這個(gè)錯(cuò)誤信息,而不使用默認(rèn)ASP.Net異常報(bào)錯(cuò)信息的程序員們,你們不要禁用validateRequest=false。6 L8 d2 ~9 l+ A7 f& l, L: X) R
         正確的做法是在你當(dāng)前頁(yè)面添加Page_Error()函數(shù),來(lái)捕獲所有頁(yè)面處理過(guò)程中發(fā)生的而沒(méi)有處理的異常。然后給用戶一個(gè)合法的報(bào)錯(cuò)信息。如果當(dāng)前頁(yè)面沒(méi)有Page_Error(),這個(gè)異常將會(huì)送到Global.asax的Application_Error()來(lái)處理,你也可以在那里寫(xiě)通用的異常報(bào)錯(cuò)處理函數(shù)。如果兩個(gè)地方都沒(méi)有寫(xiě)異常處理函數(shù),才會(huì)顯示這個(gè)默認(rèn)的報(bào)錯(cuò)頁(yè)面呢。