Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tal Winter 18 posts 48 karma points
    Jan 03, 2021 @ 15:26
    Tal Winter
    0

    Error page 500 and Request Validation

    Hello. When I have 500 server error, then I show my 500.html file and everything is fine. When I submit a form, and i write, for example, script tags or any html tag in one of the textboxes or textarea. I get a 500 error but it shows the html content of my 500.html file instead of rendering it. It's something with HttpRequest.ValidateString. Any ideas how to show the 500.html file? I am not going to set validate to false if anyone is going to suggest it :)

    Thank you

    Error 500

  • Rasmus Trumf 75 posts 147 karma points
    Jan 03, 2021 @ 16:18
    Rasmus Trumf
    1

    Hi Tal

    Could you set [AllowHtml] on the property that contains HTML in your model.

    public class YourClass
    {
      public string Name { get; set; }
      public string Address { get; set; }
      [AllowHtml]
      public string Description { get; set; }
    }
    

    Hope this helps

  • Tal Winter 18 posts 48 karma points
    Jan 03, 2021 @ 19:42
    Tal Winter
    0

    It can be a nice solution but then it lets everyone writing html tags that I really don't want them to write (I do check on server side for html tags and characters) but this one REALLY lets anyone write anything they want. The Request Validation mechanism is exatcly for that. Maybe I need to create another 500.html page especiialy for that but i don't think it'll help because it shows my HTML markup itself. I thought that it will render the HTML page with no CSS (because it can't find it) but thats not happening too.

  • Rasmus Trumf 75 posts 147 karma points
    Jan 03, 2021 @ 19:48
    Rasmus Trumf
    0

    Hmm in that case i would use Umbracos tinyMce text editor and configure it to only have the html tags you allow.

  • Tal Winter 18 posts 48 karma points
    Jan 03, 2021 @ 21:49
    Tal Winter
    0

    I use TextAreaFor to render the Comments field and I don't use Meta Data fields from the page itself so it's kind of a problem.

  • Brendan Rice 349 posts 563 karma points
    Jan 03, 2021 @ 17:37
  • Tal Winter 18 posts 48 karma points
    Jan 03, 2021 @ 19:39
    Tal Winter
    0

    I used this for my 500 html page but it doesn't work with Request Validation error that I have. That's something else than 500 from a connection string error cause it's actually comes from umbraco itself

  • Huw Reddick 274 posts 857 karma points
    Jan 03, 2021 @ 22:21
    Huw Reddick
    0

    In MVC you would normally create a filter to do this, not sure if that is possible, but in normal MVC you would do something like

    public class HttpRequestValidationExceptionAttribute : FilterAttribute, IExceptionFilter {
    public void OnException(ExceptionContext filterContext) {
            if (!filterContext.ExceptionHandled && filterContext.Exception is HttpRequestValidationException) {
                filterContext.Result = new RedirectResult("~/HttpError/HttpRequestValidationError");
                filterContext.ExceptionHandled = true;
            }
        }
    }
    
  • Tal Winter 18 posts 48 karma points
    Jan 04, 2021 @ 15:03
    Tal Winter
    0

    I think it won't work with Umbraco very well because Umbraco has it's own pipeline. and I want to use my 500.html file and not returning a view and show it there. I think I will go with the AllowHtml and filter all the tags that Cyber Department will want me to filter.

    Thanks for the answer

  • Huw Reddick 274 posts 857 karma points
    Jan 04, 2021 @ 16:21
    Huw Reddick
    0

    I just test this quickly and itgets trapped by iis and returns my 500 html file as expected.

    What error settings do you have in your web.config?

    this is what I have under system.webserver

      <system.webServer>
        <httpErrors errorMode="DetailedLocalOnly" existingResponse="Replace">
          <remove statusCode="500" />
          <error statusCode="500" path="error-500.html" responseMode="File" />
        </httpErrors> 
    
  • Tal Winter 18 posts 48 karma points
    Jan 04, 2021 @ 19:33
    Tal Winter
    0

    I will look tommorow and tell you. I am not at work now. But did you test it with Umbraco. there is some different.

  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 10:38
    Tal Winter
    0

    in my system.webServer i have this:

    <httpErrors errorMode="Custom" existingResponse="PassThrough" />
    

    and in my system.web i have this

    <customErrors mode="Off" redirectMode="ResponseRewrite" defaultRedirect="~/HTML/500.html"/>
    

    I commented those out and used your code in system.webServer and I get the: HTTP Error 500.0 - Internal Server Error page (.net page).

    did I miss anything?

    When I first wanted to use my 500.html, those values that I wrote (in system.web and system.webServer) worked just fine.

    But didn't with the problem of Request Validation.

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 10:40
    Huw Reddick
    0

    some of your post appears to be missing :) as I can't see what is in your config

  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 11:35
    Tal Winter
    0

    Fixed it :) As Rasmus here suggested, I used AllowHtml Annotation on my property in my model and it let me write html tags. I am checking those tags in server side so I think I will go with it and that's it. If you have another idea, then fine. if not, the AllowHtml is sufficed by me.

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 13:16
    Huw Reddick
    0

    You need to set custom errors to On in the system.web section

    <customErrors mode="On" />
    
  • Huw Reddick 274 posts 857 karma points
    Jan 04, 2021 @ 19:41
    Huw Reddick
    0

    yes this is from my umbraco web.config, adding something like <b>text</b> to an input throws the error you get if I comment out the section, uncommenting the section and doing the same thing directs me to the error-500.html file

  • Tal Winter 18 posts 48 karma points
    Jan 04, 2021 @ 20:05
    Tal Winter
    0

    Ok. I will try to use your example. If my 500.html file in under a folder and not in the root path, it may cause a problem?

  • Huw Reddick 274 posts 857 karma points
    Jan 04, 2021 @ 20:14
    Huw Reddick
    0

    As long as it is not an umraco folder it should be ok

  • Tal Winter 18 posts 48 karma points
    Jan 04, 2021 @ 21:16
    Tal Winter
    0

    By the way, my 500.html file has links to css files that are inside umbraco folders (For example, /Content/CSS/500.css). And it's bundle on runtime. That might be a problem no?

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 13:37
    Huw Reddick
    0

    I think you should be ok, but you could test by trying to download one of the css files in your browser directly, if that works then it should be ok

  • Rasmus Trumf 75 posts 147 karma points
    Jan 04, 2021 @ 21:11
    Rasmus Trumf
    0

    I'm actually handling all of this in Global.asax in my U7 code. I'm trying to convert to U8 and have asked for help here: https://our.umbraco.com/forum/using-umbraco-and-getting-started/104641-using-globalasax-andor-composers-in-u8 When i find out how to do this in U8 I will gladly help ;-)

  • Nik 1391 posts 6128 karma points MVP 3x c-trib
    Jan 05, 2021 @ 13:31
    Nik
    0

    Hi Tal,

    I don't know how much investigation you've done into this, but this validation happens before the request even get's to Umbraco. It's an ASP.Net validation error to protect websites.

    However, it's also not a 500 error, it's a 400 error. It could be worth having a read of this article here:

    https://blog.mortenbock.dk/2017/02/03/error-page-setup-in-umbraco/

    There is a section about half way down that talks about Request Validation errors, which hopefully will help.

    Nik

  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 13:33
    Tal Winter
    0

    Well, it shows my 500.html markup so seems like it's 500 (and i see 500 internal server error) but I will check it. Thanks

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 13:40
    Huw Reddick
    0

    the 500 error settings I use in the system.webserver section trap validation error error fine for me

  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 13:53
    Tal Winter
    0

    It's working just fine now. thank you! So system.web is app side and system.webServer is IIS side? I need to understand the pipeline levels :) I have a server error when the connection string is not ok or it's not reachable but it's fine.

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 14:16
    Huw Reddick
    0

    the connection string error is system.web level so you can also catch that by changing custom errors in system.web to

    <customErrors mode="On" defaultRedirect="error-500.html"/>
    
  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 15:27
    Tal Winter
    0

    This is my custom errors

    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/HTML/500.aspx">
            <error statusCode="400" redirect="~/HTML/400.aspx" />
            <error statusCode="500" redirect="~/HTML/500.aspx" />
        </customErrors>
    

    Not working. showing:

    Server Error in '/' Application.

    Runtime Error Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.

  • Huw Reddick 274 posts 857 karma points
    Jan 05, 2021 @ 15:46
    Huw Reddick
    0

    I have just done some testing myself and have decided that the best way to deal with this nicely in umbraco is to do the following.

    In umbraco create a contentpage called error404 that you will use for a custom 404 and assign it's id in the umbraco settings file. (Umbraco will now take care of 404 errors) Now create another contentpage using the same template and call it custom Errors

    In your web config, completely remove the httperror section and configure your system.web customerrors to

    <customErrors mode="On" defaultRedirect="/CustomErrors"/>
    

    This should catch most things except the connection error. basically you either need to use customerrors or httperrors they do not play well together.

  • Tal Winter 18 posts 48 karma points
    Jan 05, 2021 @ 16:12
    Tal Winter
    0

    We are going to production soon. it doesn't matter now. The 404 is already implemented as you said (umbracoSettings file) and the 500 is caught perfectly (with Request Validation or 500 error in code).

    Thank you.

Please Sign in or register to post replies

Write your reply to:

Draft