Problem description: This is another interesting issue, which I came across while helping one of my customers.
1) As project admin open team web access home and click 'new -> bug' to open form for creating new bug work item:
2) Type title and a couple of chars in 'Details' text area (don't enter newline)
3) save & close bug work item - result: bug work item successfuly created
4) open created bug work item
5) add 1 new line in bug wi 'details' text area
6)click 'save & close' button
I ran the fiddler tool, which can be download from the following link:
I found lot of 500 internal error messages in the fiddler result set and looked into raw headers in request and response sections.Eventually found out the highlighted error message which helped me to nail down the issue
<div id="errorTitle" style="font-size: larger; font-weight: bold;">A potentially dangerous Request.Form value was detected from the client (ctl00$c$we$ctl73$wc$txt="<P><STRONG>Steps:</S...").</div>
Solution that we found:
I changed the Microsoft TFS Web Access Tool's application pool's .Net Framework version from v4.0.x back to v2.0.x the problem went away.
This attribute doesn't work the same way in v4.0 of .Net Framework as it does in .Net Framework v2.0; reason being there is no RequestValidateMode attribute in the httpRuntime.
Alternative solution if you don't want to change the framework version of the application pool
Hence, if you don’t want to change the framework version of the application pool, the other way out is to make the following modification to the web.config file, you need to add the RequestValidationMode attribute to the httpRuntime node.
<httpRuntime requestValidationMode="2.0" />
Caution: Please make sure that you have taken the back up of the web.config file before making any modifications.
Note: Any change in the web.config file triggers a reload of the AppDomain, so settings from the web.config take effect immediately. No iisreset/recycle required.
Written and Reviewed by Support Escalation Engineer, Nitish Nagpal