A potentially dangerous Request.form value was detected from the client - html

What is this and why am i getting it when i try to login to my website? It looks like form injection warning but from where,how, and why. My computer doesnt have a virus or malware (that i know of) Im running an almost brand new mac os x 10.9 and the browser im using is Google Chrome.
The full error message is as follows:
Error Message:
A potentially dangerous Request.Form value was detected from the client (h_rm_pgs_ClientState="...rialGirls'","value":"1695...").
Where is this coming from and why?

Trace sent values by Google Chrome. Just right click and select Inspect Element then go to Network and after that open target page to trace and understand what happened.
I guess it happens when your browser has unwanted plugins or additional tools in your computer. Good Luck.

I'm guessing you have a password that contains "<".
ASP.NET returns that message from it's request validation in an attempt to stop XSS.

Related

Unwanted Output In Console

I've started to get some strange output in my developer console. I was wondering if there was a way to turn it off.
Net state changed from IDLE to BUSY
That outputs whenever anything server side is called, you can imagine that it might cause a lot of clutter.
I was faced out with this issue also, tried to google, but no results.
Do not worry. This output appears when you call add-on back-end by calling google.script.run. It is default output for debugging the state of a connection.
Probably you have a loop that gets information from the add-on backend infinitely.
I'm assuming the messages are coming from warden source.
To solve this, you can simply right click (Windows) or double click (Mac) to bring up the help menu. Then access Filter and click the source of the element you want to filter out of your console. It should then disappear.
Let me know how that works

Chrome Invalid SSL Certificate Security Warning

I ran into an interesting problem today using Chrome and I'm hoping there is a better way to fix it than what I ended up doing.
The issue starts with an invalid SSL certificate on a site that I'm configuring. In Chrome it's possible to advance past this screen using a link which adds a security exception for the current domain so that you don't have to view this warning message again.
It's also possible to clear this warning by going to the site with the exception then clicking the Not secure text and choosing the Re-enable warnings option.
Now my problem, I have a couple different redirects in place on the site that will redirect my .com and .bank domains to the primary .net domain. While developing I added security exceptions for all three of these domains. This becomes and issue when testing that my SSL certificate is configured properly. I want to clear out Chrome's stored exception for the .com domain - but I cannot do so using the Re-enable warnings option because as soon as I arrive at the page Chrome sees that an exception is already stored and proceeds to load the page normally which then gets redirected to the .net domain. Because of this there is no point where I can actually clear out the bypassed security warning in Chrome...
The only way I've been able to find to clear out these exceptions is to use the Reset option in Chrome's settings, which is not something I want to do regularly. I'm wondering if there is a hidden settings page in Chrome that lists all of the bypassed security warnings so that I may clear them out individually.
To "Re-enable warnings" for all SSL warnings if you don't want to clear your history (or if you dont know all the exemptions you have in place), you can close Chrome and edit:
"C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences"
and set ssl_cert_decisions":{},"
Stored in the JSON-path:
profile > content_settings > exceptions > ssl_cert_decisions
Or you can change the decision_expiration_time of the specific exemption to be equal to the last_modified time
Example: "ssl_cert_decisions":{"https://expired.badssl.com:443,*":{"last_modified":"13235055329485008","setting":{"cert_exceptions_map":{"-201cgaDTf2DD6Cj0N6/tKvudkzDuRBA3GwKd8T9hE7mHhQ=":1},"decision_expiration_time":"13235055329485008","version":1}}}
you will have to clear the browsing data for that site, the easiest way I found to do this is (Ctrl+Shift+Del) to bring the clear browser data window up then set time range to 1 hour, choose browsing history only then click clear data. Hope this is useful.

Google Chrome Translate Page Does Not Work

In Google Chrome, Translate to English (or any other language) function was working fine, but all of the sudden it stopped working.
By looking at the console, I see error messages when the page tries to translate:
Failed to load resource: the server responded with a status of 403 () https://translate.googleapis.com/translate_a/t?anno=3&client=te_lib&format=html&v=1.0&key=no&logld=vTE_20170619_02&sl=da&tl=en&tc=1&tk=927511.556110&mode=1
I tried completely uninstalling Google Chrome and installing it again but it still does not work, it also does not work in Incognito Window.
It works fine in other machines, any ideas?
It looks like that you don't have the api key:
key=no
Look at environment variables to see if GOOGLE_API_KEY is set to no and delete it.
For now, I would just translate pages the long way.
I.E.:
Going to https://translate.google.com and typing your address in the input box, and going to address produced in the output box.
If you want to continue our discussion from the comments, I have created a chat for us to keep talking about your issue.

Bizarre Error in Chrome Developer Console - Failed to load resource: net::ERR_CACHE_MISS

As far as I can tell, this error was not being thrown yesterday on Chrome, and as of this morning, it is. I have not changed any of my browser settings. I have attached a screenshot (after opening/closing Developer Tools window four times):
This issue is tangentially similar to Stack Overlow post Failed to load resource under Chrome except that it only occurs when I "Inspect Element" in Chrome. Here are the details I have:
To the best of my ability I undid everything I did since last night (when I did not have this error) and the error persists. When I remove all pre-<html> PHP code, the error disappears.
When I only remove all the pre-<html> PHP code except
<?php session_start(); ?>
the error returns.
Since the error seems to involve PHP, I checked my error log, but there are no notices, warnings, nor errors. When I close the Developer Tools window and then open up the window without a page reload, the number of errors increments by one each time.
When I keep the window open, and then reload the page, the page reloads without throwing the error. However, as soon as I close the Developer tools window again, then open it (no page reload), the error is thrown. I checked my site on Firefox with Firebug enabled, and no errors are thrown, making it seem like a Chrome issue (version 38). My site seems to function normally otherwise. Other sites on device browsed via Chrome (for example, Yahoo) also experience this error.
Also, I have not manually changed any of my browser settings since months ago. As an additional note, this is the second strange error I have encountered in Chrome in the last year (see Stack Overflow question Failed to load resource: net::ERR_NETWORK_IO_SUSPENDED), to which no one was able to find a solution, even with a bounty offered.
Is there a way to prevent this error, or is this a browser-only issue? On a side note, when I open up Developer Tools in Chrome for Stack Overflow, there is no error thrown, so either Stack Overflow is not coded in PHP or they have a way to prevent this error. I think my site is not affected, but I am not 100% sure, and it makes me nervous :)
Per the developers, this error is not an actual failure, but rather "misleading error reports". This bug is fixed in version 40, which is available on the canary and dev channels as of 25 Oct.
Patch
On Chrome's latest update (38.0.2125.104 m at the moment), Google added the option to know whether the files loaded to the website were newly downloaded from the server - or read from the local cache.
When an error like yours "hits" the console - you know the files were just downloaded from the server and not read from the local cache. You can recreate this error by clicking Ctrl + F5 (refresh and erase cache).
It fits your description where Firebug (or equivalents) doesn't fire any errors to the console - whilst Chrome does.
So, the bottom line is - your're just fine and you can ignore this error - it's merely an indicator.
Check to see if you have previously disabled caching in Chrome when the developer console is open - the setting is under the console, settings icon > General tab: Disable cache (while DevTools is open)
Check for the presence of words like "ad", "banner" or "popup" within your file. I removed these and it worked. Based on this post here: Failed to load resource under Chrome it seems like Ad Block Plus was the culprit in my case.
See if you can recreate the issue in an Incognito tab. If you find that the problem no longer occurs then I would recommend you go through your extensions, perhaps disabling them one at a time. This is commonly the cause as touched on by Nikola
I had issues getting through a form because of this error.
I used Ctrl+Click to click the submit button and navigate through the form as usual.

Page can not be displayed

I've got a client that sees the "Page can not be displayed" (nothing else) whenever they perform a certain action in their website. I don't get the error, ever. I've tried IE, FF, Chrome, and I do not see the error. The client sees the error on IE.
The error occurs when they press a form submit button that has only hidden fields.
I'm thinking this could be some kind of anti-malware / virus issue. has anyone ever dealt with this issue?
In IE, go to the "Anvanced" section of "Internet Options" and uncheck "Show friendly HTTP errors". This should give you the real error.
Is this an IE message? Ask them to switch off "short error messages" (or whatever they are called in the english version) somewhere deep in IEs options - This will make IE display the error message your server is sending instead of its own unhelpful message.
Also I've heard that IE might be forced to show server provided error messages if only the page is long/large enough, so you might want to add a longer " " section to error messages. This information is old enough that it might have effected older versions of IE - I usually get to the root of problems with eliminating the "short error messages"
Note: I'm neither running IE nor Windows, therefor can only operate on memory regarding the name of the config options of IE6...
Update: corrected usage in the suggestion to provide longer error messages... Perhaps somebody with access to IE can approve if longer error pages still force IE to display the original error page instead of the user friendly (sic) one.
It would be useful to you to figure out which error code is returned. Is it 404 - Resource not found or 503 - Forbidden Access? There are a few more, but in any case, it would help you figure out the cause of the problem.
If your client is running IE, ask him to disable friendly error messages in the advanced options.
Check their "hosts file". The location of this file is different for XP and vista
in XP I believe it's C:\windows\hosts or C:\windows\system32\hosts
Look for any suspicious domains.. Generally speaking, there should only be ~2 definitions (besides comments) in the files defining localhost and other local ip definitions. If there's anything else, make sure it's supposed to be there.
Otherwise, maybe the site's just having issues? Also, AFAIK, FF never displays "Page cannot be displayed", so are you sure this is the case in all browsers?
You can try using ieHTTPHeaders to see what is going on behind the scenes.
Do you have any events applied to your submit button? Are you doing a custom submit button that is a hyperlink with an href like "javascript:void(0)" and an event attached that submits the form?
Alought this is a 2008 thread,
but I think maybe someone still use windows xp in the virtualbox in 2018 like me.
The issue I met in 2018 is:
1. Ping to 8.8.8.8 can get correct responses.
2. HTTP sites is working fine, but HTTPS is not.
3. I cannot connect to any site with HTTPS so I cannot download Chrome or Firefox.
And my solution is to enable the TLS 1.0 for secure connections
Everything is fine.