Est. Reading Time: 2 minutes
I was going to write about the Peloponnesian War, its ramification on the course of Western Civilization and how that ancient struggle correlates to the Microsoft vs. Apple battles we see today. But, in addition to the fact that I really don’t know very much about the Athenians or Spartans, that war was fought, as my son Tyler would say, “a very long long day ago”. Instead I’ll write about how in ASP.NET you can prevent an error from being written to the server’s application log.
Let’s look at the “A potentially dangerous Request.Form value was detected from the client“ error that can show up on an ASP.NET page. This error is thrown when potential HTML or other script tags are entered into a textbox of an ASP.NET form. This error gives you something looking like …..
The error itself isn’t a bad thing since it helps prevent script injection attacks. (If you want to allow script tags to be entered on your form there are several things you can do. Check them out here.) Our problem was that when an unaccounted for error is thrown in ASP.NET, the error is written to the server’s application log. We have a utility that reads the application log and email’s the system administrator any errors that show up. Our administrator had to screen all of these emails in looking for one’s that we really needed to see.
The solution is to put some code into the Application_Error method of the global.asax file that will trap and remove the error that we don’t want to log.
Notice that after clearing the error we need to redirect to another page. If, after clearing the error, we allowed the page to load, we would see a blank page. (The error that would have been displayed is erased by the Server.ClearError() command).
You could also include the code in the page’s “Error” event. However, you would have to include the code on every page instead of in just one place.
So, if you have any interest in preventing an ASP.NET error from being written to the server’s Application log, consider using the Application _Error method of the site’s global.asax