Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Nov 02, 2009 @ 12:34
    Chris Houston
    0

    Error updating Member profile on Our.Umbraco.org

    bugs

    I have just tried to update my profile location on our.umbraco.org to:

    forbury square,rg1 3eu,UK

    And when I click save I get the following error:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl00$ContentPlaceHolderDefault$Main$ctl03$Signup_7$tb_bio="...Houston - <a href="http://blog...").]
       System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8721914
       System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111
       System.Web.HttpRequest.get_Form() +129
       System.Web.HttpRequest.get_Item(String key) +39
       umbraco.UmbracoDefault.Page_Load(Object sender, EventArgs e) +52
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
       System.Web.UI.Control.OnLoad(EventArgs e) +99
       System.Web.UI.Control.LoadRecursive() +50
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
       System.Web.UI.Page.ProcessRequest() +80
       System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
       System.Web.UI.Page.ProcessRequest(HttpContext context) +49
       ASP.default_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\b3d17fb4\4fe1f39b\App_Web_default.aspx.cdcab7d2.nx_y0jiq.0.cs:0
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

    I am using the latest version of Firefox on a Windows 7 PC, not that I think that would make any difference.

    Cheers,

    Chris

    Copy Link
  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Nov 19, 2009 @ 23:36
    Chris Houston
    0

    Hi All,

    Does anyone else experience this error when saving their profile, I have jus tried again and it's still the same for me.

    I assume this is the only place to post the error?

    Cheers,

    Chris

    Copy Link
  • Gary 20 posts 44 karma points
    Nov 20, 2009 @ 01:06
    Gary
    0

    Works fine here. FF3.6b on XP

    I don't have any Bio info though. It looks like it doesn't like your bio?

    Copy Link
  • Chris Houston 535 posts 980 karma points MVP admin c-trib
    Nov 22, 2009 @ 23:38
    Chris Houston
    0

    Hi Gary,

    Yes, I worked it out.

    I am guessing the profile editing code has changed as originally it allowed basic HTML in the profile and hence I had added a link to my blog. But, it seems that this is now not allowed and instead of a graceful error, it bombs!

    If anyone is reading this who is able to fix it.. to replicate the error just type any HTML into your profile and click save.

    Cheers,

    Chris

    Copy Link
  • DetonatorB 17 posts 40 karma points
    Dec 11, 2009 @ 00:39
    DetonatorB
    0

    I cannot tell you exactly what to do, but I can give you some pointers.

    This message is displayed when a page is in postback and the .NET framework detects that formatted text (i.e. HTML or script) is in one of the form fields that was posted back. For instance, if you have a RTE (Rich Text Editor) on the page and press a button to initiate postback.

    You can turn this check off per page although all sanitizing for security is up to you when you do that.
    You are then responsible for avoiding XSS attacks or other malicious code injection attacks for instance.

    If your page starts with:

    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm"%>

    You should add the ValidateRequest property:

    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm" ValidateRequest="false"%>

    Have fun.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft