disablerequestvalidation prevents displaying the page

ds 191 posts 223 karma points

Sep 27, 2011 @ 15:11

DisableRequestValidation prevents displaying the page

I am using umbraco 4.7.0 with .net 4. I have a slideshow where my news are displayed on homepage. News source is a rss feed created by xslt. I can display and see slideshow without any problem but when you click one of the news in the slideshow, it should direct you news detail page but upon clicking I got following error.

A potentially dangerous Request.QueryString value was 
detected from the client (~/<link xmlns:media="...helper">  <a 
href="/news/k...").

I searched for that issue on the net and tried in web.config like in the following

<httpRuntime requestValidationMode="2.0" />

<pages validateRequest="false" />

but those suggestion did not work out so after searching in umbraco, I found that I should add below code in the master template

<umbraco:DisableRequestValidation runat="server"/>

but this time when you click one of news in slideshow, it redirects you "page not found" error page set in umbracoSettings.config.

I also add code snippet which causes that error in xslt file

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet
  version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  xmlns:rssdatehelper="urn:rssdatehelper"
  xmlns:dc="http://purl.org/dc/elements/1.1/"
  xmlns:content="http://purl.org/rss/1.0/modules/content/"
  xmlns:msxml="urn:schemas-microsoft-com:xslt" 
  xmlns:umbraco.library="urn:umbraco.library" xmlns:Exslt.ExsltCommon="urn:Exslt.ExsltCommon" xmlns:Exslt.ExsltDatesAndTimes="urn:Exslt.ExsltDatesAndTimes" xmlns:Exslt.ExsltMath="urn:Exslt.ExsltMath" xmlns:Exslt.ExsltRegularExpressions="urn:Exslt.ExsltRegularExpressions" xmlns:Exslt.ExsltStrings="urn:Exslt.ExsltStrings" xmlns:Exslt.ExsltSets="urn:Exslt.ExsltSets" xmlns:tagsLib="urn:tagsLib" xmlns:BlogLibrary="urn:BlogLibrary" 
  xmlns:media="http://search.yahoo.com/mrss/" exclude-result-prefixes="msxml
 umbraco.library Exslt.ExsltCommon Exslt.ExsltDatesAndTimes 
Exslt.ExsltMath Exslt.ExsltRegularExpressions Exslt.ExsltStrings 
Exslt.ExsltSets tagsLib BlogLibrary ">


  <xsl:output method="xml" omit-xml-declaration="yes"/>
  <xsl:include href="../xslt/LanguageParameter.xslt" />
  <xsl:include href="../xslt/PropertyReferenceTranslation.xslt" />
  <xsl:param name="currentPage"/>

  <!-- Update these variables to modify the feed -->
  <xsl:variable name="RSSNoItems" select="string('200')"/>
  <xsl:variable name="RSSTitle" select="string('My sample rss')"/>
  <xsl:variable name="SiteURL" select="concat('http://', string(umbraco.library:RequestServerVariables('HTTP_HOST')))"/>
  <xsl:variable name="RSSDescription" select="string('Add your description here')"/>

  <!-- This gets all news and events and orders by updateDate to use for the pubDate in RSS feed -->
  <xsl:variable name="pubDate">
    <xsl:for-each select="$currentPage/* [@isDoc]">
      <xsl:sort select="@createDate" data-type="text" order="descending" />
      <xsl:if test="position() = 1">
        <xsl:value-of select="updateDate" />
      </xsl:if>
    </xsl:for-each>
  </xsl:variable>

  <xsl:template match="/">
    <!-- change the mimetype for the current page to xml -->
    <xsl:value-of select="umbraco.library:ChangeContentType('text/xml')"/>

    <xsl:text disable-output-escaping="yes">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</xsl:text>
    <rss version="2.0"
    xmlns:media="http://search.yahoo.com/mrss/"
    xmlns:content="http://purl.org/rss/1.0/modules/content/"
    xmlns:wfw="http://wellformedweb.org/CommentAPI/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">

      <channel>
        <title>
          <xsl:value-of select="$RSSTitle"/>
        </title>
        <link>
          <xsl:value-of select="$SiteURL" />
        </link>
        <pubDate>
          <xsl:value-of select="$pubDate"/>
        </pubDate>
        <generator>umbraco</generator>
        <description>
          <xsl:value-of select="$RSSDescription"/>
        </description>
        <language>en</language>

        <xsl:apply-templates select="$currentPage/* [@isDoc and string(umbracoNaviHide) != '1']">
          <xsl:sort select="@createDate" order="descending" />
        </xsl:apply-templates>
      </channel>
    </rss>

  </xsl:template>

  <xsl:template match="* [@isDoc]">
    <xsl:if test="position() &lt;= $RSSNoItems">
      <item>
        <title>
          <!--<xsl:value-of select="@nodeName"/>   --> 
                  <xsl:call-template name="PropertyReferenceTranslation">
                    <xsl:with-param name="nodeId" select="@id" />
                    <xsl:with-param name="Property" select="'title'" /> 
                    <xsl:with-param name="langISO" select="$langISO" />
                  </xsl:call-template>      
        </title>
        <link>
          <!--<xsl:value-of select="$SiteURL"/><xsl:value-of select="umbraco.library:NiceUrl(@id)"/>-->
          <a href="{concat(umbraco.library:NiceUrl(@id), '?lang=', $langISO)}" ></a>
        </link>
        <description>
          <!--<xsl:value-of select="newsDescription" disable-output-escaping="yes"/>-->  
                 <xsl:call-template name="PropertyReferenceTranslation">
                    <xsl:with-param name="nodeId" select="@id" />
                    <xsl:with-param name="Property" select="'newsDescription'" /> 
                    <xsl:with-param name="langISO" select="$langISO" />
                  </xsl:call-template>
        </description>      
        <pubDate>
          <xsl:value-of select="umbraco.library:FormatDateTime(@createDate,'r')" />
        </pubDate>
        <dc:date.Taken>
          <xsl:value-of select="umbraco.library:FormatDateTime(@createDate,'r')" />
        </dc:date.Taken>
        <author>
           <xsl:value-of select="@writerName"/>
         </author>        
         <guid>
           <xsl:value-of select="$SiteURL"/>
           <xsl:value-of select="umbraco.library:NiceUrl(@id)"/>
         </guid>
        <media:content url="{umbracoFile}" />
        <media:title type="plain">
                  <xsl:call-template name="PropertyReferenceTranslation">
                    <xsl:with-param name="nodeId" select="@id" />
                    <xsl:with-param name="Property" select="'title'" /> 
                    <xsl:with-param name="langISO" select="$langISO" />
                  </xsl:call-template>          
          <!--<xsl:value-of select="title"/>-->  
        </media:title>
        <media:description type="html">
                  <xsl:call-template name="PropertyReferenceTranslation">
                    <xsl:with-param name="nodeId" select="@id" />
                    <xsl:with-param name="Property" select="'newsDescription'" /> 
                    <xsl:with-param name="langISO" select="$langISO" />
                  </xsl:call-template>
          <!--<xsl:value-of select="newsDescription"/>-->  
        </media:description>
        <media:credit role="Software Developer">*</media:credit>     
      </item>
    </xsl:if>
  </xsl:template>

</xsl:stylesheet>

Copy Link

ds 191 posts 223 karma points

Sep 28, 2011 @ 08:09

Any idea?

Copy Link

umbracocool 108 posts 197 karma points

Mar 23, 2013 @ 18:01

Hello friend!. I tell you that I read your problem, which also happened to me. What I did was I put in your code:

<%@ Master Language="C#" MasterPageFile="~/umbraco/masterpages/default.master" AutoEventWireup="true" %>
<asp:Content ContentPlaceHolderID="ContentPlaceHolderDefault" runat="server">
<umbraco:DisableRequestValidation runat="server"/>

</asp:Content>

and it works great!.Thank you!

Copy Link

is working on a reply...

This forum is in read-only mode while we transition to the new forum.

You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Flag this post as spam?

DisableRequestValidation prevents displaying the page