List of all dangerous character combinations for ASP.NET?

There are many questions for how to avoid triggering "A potentially dangerous Request.Form value was detected from the client" error messages which include turning off validation (scary!). I still need to validate the page, so I need a list of special characters that trigger this so that I can provide a user experience better than an error 500 page by replacing the characters before it hits the server. That way if someone turns off javascript for malicious reasons, the server still prevents the characters.

So far as I know the only things that trigger this is < with a non-space character following, and &#. Where can I get a list of all the characters that will trigger this error?

Read more here:

Content Attribution

This content was originally published by SunriseInternational at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.

%d bloggers like this: