I am guessing the profile editing code has changed as originally it allowed basic HTML in the profile and hence I had added a link to my blog. But, it seems that this is now not allowed and instead of a graceful error, it bombs!
If anyone is reading this who is able to fix it.. to replicate the error just type any HTML into your profile and click save.
I cannot tell you exactly what to do, but I can give you some pointers.
This message is displayed when a page is in postback and the .NET framework detects that formatted text (i.e. HTML or script) is in one of the form fields that was posted back. For instance, if you have a RTE (Rich Text Editor) on the page and press a button to initiate postback.
You can turn this check off per page although all sanitizing for security is up to you when you do that. You are then responsible for avoiding XSS attacks or other malicious code injection attacks for instance.
Error updating Member profile on Our.Umbraco.org
I have just tried to update my profile location on our.umbraco.org to:
And when I click save I get the following error:
I am using the latest version of Firefox on a Windows 7 PC, not that I think that would make any difference.
Cheers,
Chris
Hi All,
Does anyone else experience this error when saving their profile, I have jus tried again and it's still the same for me.
I assume this is the only place to post the error?
Cheers,
Chris
Works fine here. FF3.6b on XP
I don't have any Bio info though. It looks like it doesn't like your bio?
Hi Gary,
Yes, I worked it out.
I am guessing the profile editing code has changed as originally it allowed basic HTML in the profile and hence I had added a link to my blog. But, it seems that this is now not allowed and instead of a graceful error, it bombs!
If anyone is reading this who is able to fix it.. to replicate the error just type any HTML into your profile and click save.
Cheers,
Chris
I cannot tell you exactly what to do, but I can give you some pointers.
This message is displayed when a page is in postback and the .NET framework detects that formatted text (i.e. HTML or script) is in one of the form fields that was posted back. For instance, if you have a RTE (Rich Text Editor) on the page and press a button to initiate postback.
You can turn this check off per page although all sanitizing for security is up to you when you do that.
You are then responsible for avoiding XSS attacks or other malicious code injection attacks for instance.
If your page starts with:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm"%>
You should add the ValidateRequest property:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="MyForm.aspx.vb" Inherits="Proj.MyForm" ValidateRequest="false"%>
Have fun.
is working on a reply...