Error: "A potentially dangerous Report.Form value was detected from the client (ReportViewerContr (4329958)

Error: "A potentially dangerous Report.Form value was detected from the client (ReportViewerContr

When running the following report in the Compliance portal the following error may be received:

QCP > SOX > Sec. 404 Management Assessment of Internal Controls > 2. Tracking User Activity > Windows > Administrative Activity > Active Directory > Group Policy Changes > All change requests for GPOs by Initiator

Changing the value of a listbox filter to a value containing tag brackets, e.g. �<All>� leads to the following error if this action is performed from within the Compliance Portal interface:

Reporting Services Error

An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
A potentially dangerous Report.Form value was detected from the client (ReportViewerControl$ctl00$ctl33$ctl00="<All>"

WORKAROUND: (temporary):

The workaround is to turn of the Request Validation mechanism as described at http://www.asp.net/faq/RequestValidation.aspx link.
This request validation can be set within the scope of the entire IIS server or within the scope of one particular application running on that server.
Here is the extract from the link above on how to do this:

Disabling request validation for your application
To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the <PAGES /> section to false:

<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>

If you wish to disable request validation for all applications on your server, you can make this modification to your Machine.config file.

However, such workaround weakens the security of the application by rendering it open to script attacks.

STATUS:
We are currently working on a solution to better handle this type of error.

CR0197314