I've got an ascx that needs people to be able to put in a list of email addresses. ( eg "Jim" <[email protected]>, "Bob" <[email protected]> ) However when the user submits this form the A potentially dangerous Request.Form value was detected from the client error occurs. Usually I set ValdateRequest="false" on the aspx page, but as I'm using umbraco is there a way I can do this from the usercontrol? I've tried this but it hasn't worked:
Just a thought - it maybe the way you are entering the data i.e. ASP.NET maybe detecting it as a XSS injection. Have you tried escaping the data before saving?
That is an option, I suppose by using javascript to html encode the textbox value before submitting and then decoding it server-side? However, if the user doesn't have javascript that wouldn't be possible. Is there any other way?
Then the user enters the list of email addresses and clicks submit, the exception would occur before the btnSendEmail_Click function would be called so I wouldn't have a chance to modify the text of the textbox server-side or am I missing something here? Ideally I would like to just disable the Request validation for the page from the usercontrol or failing that disabling request validation from the template or site.
Ah well. I've had to go for the nuclear option and disable request validation for the whole site in web.config. It's a shame you can't disable it at a more precise level.
Thanks for your suggestion. I've finished that project now but I'll try the validateRequest tag in the template next time I come across this issue. The usercontrol code unfortunatly did not work.
setting ValidateRequest in umbraco
Hi
I've got an ascx that needs people to be able to put in a list of email addresses. ( eg "Jim" <[email protected]>, "Bob" <[email protected]> ) However when the user submits this form the A potentially dangerous Request.Form value was detected from the client error occurs. Usually I set ValdateRequest="false" on the aspx page, but as I'm using umbraco is there a way I can do this from the usercontrol? I've tried this but it hasn't worked:
protected void Page_Init(object sender, EventArgs e)
{
((umbraco.UmbracoDefault)this.Page).ValidateRequest = false;
}
Just a thought - it maybe the way you are entering the data i.e. ASP.NET maybe detecting it as a XSS injection. Have you tried escaping the data before saving?
Would be safer than turning the Validation off
Adrian
That is an option, I suppose by using javascript to html encode the textbox value before submitting and then decoding it server-side? However, if the user doesn't have javascript that wouldn't be possible. Is there any other way?
This is happening because <> in <[email protected]>
Try using
HttpUtility.HtmlEncodeto Encode the data - basically converts the <> to < and >
Hope that helps
Hi Adrian
Thanks for your suggestion but I'm not sure at what point I can do that. For example imagine my front end code is as such:
Then the user enters the list of email addresses and clicks submit, the exception would occur before the btnSendEmail_Click function would be called so I wouldn't have a chance to modify the text of the textbox server-side or am I missing something here? Ideally I would like to just disable the Request validation for the page from the usercontrol or failing that disabling request validation from the template or site.
Ah well. I've had to go for the nuclear option and disable request validation for the whole site in web.config. It's a shame you can't disable it at a more precise level.
web.config:
You can add this to your template to disable the validateRequest :
Or add this to the code of your usercontrol :
Thanks for your suggestion. I've finished that project now but I'll try the validateRequest tag in the template next time I come across this issue. The usercontrol code unfortunatly did not work.
is working on a reply...