Hi, I have just come across an issue that is affecting all my sites across an installation of Mojoportal.
On making an edit to a page I get the following error

"We're sorry but a server error has occurred while trying to process your request.

The error has been logged and will be reviewed by our staff as soon as possible. It is possible that the error was just a momentary hiccup and you may wish to use the back button and try again or go back to the home page."

So I have a look at the system log and get the information copied below in full which says I have "A potentially dangerous Request.Form value was detected from the client" the rest of the log follows. 

This has occurred soon after a change to allow large files to be uploaded. I had set so that large files could be used, then upgraded mojoportal to the latest version and in doing so moved to .net 4.0. The large file loads were working fine prior to the migration and then stopped once migrated, I realised that this was as some of the settings had not been carried accross to the new web config file, so I have now replicated the.

This may be linked as the stack referes to httpRuntime requestValidationMode which is regards to file size, but was not in the previous version of the web config.

This is obviously having a huge impact on my site, so would really appreciate if you have any suggestions as to why this error may occur and what I should look at to resolve this. I am using neat upload to transfer the large files. I don't know if this is causing the issues, but seams it may be related. (any suggestions)

Server Error in '/' Application.

A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<h3>
Independent</...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<h3>
Independent</...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

2011-11-02 07:43:17,268 ERROR 77.100.254.124 - en-US - /HtmlEdit.aspx?mid=524&pageid=408 - mojoPortal.Web.Global - 77.100.254.124 /HtmlEdit.aspx?mid=524&pageid=408 Referrer(http://www.whichersifa.acvita.com/HtmlEdit.aspx?mid=524&pageid=408) useragent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<h3>Independent</h3>...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
2011-11-02 07:44:10,472 INFO (null) - (null) - (null) - mojoPortal.Web.Global - Application Started.

I resolved this by commenting in the new line that has been placed in the web config file.

<httpRuntime requestValidationMode="2.0" maxUrlLength="560" maxQueryStringLength="2048"  />

Bit unsure if this leaves my application exposed to script attacks. Looking at the supporting info http://www.asp.net/learn/whitepapers/request-validation.

My understanding is that it implies it will prevent scripting attacks unless the config file is set with.

<pages validateRequest="false" />

I have looked in the config file and this is already set as false. Will that leave the site exposed to an attack or is it necessary to be included.

Thanks for explaining that