Hello.
When I have 500 server error, then I show my 500.html file and everything is fine.
When I submit a form, and i write, for example, script tags or any html tag in one of the textboxes or textarea. I get a 500 error but it shows the html content of my 500.html file instead of rendering it.
It's something with HttpRequest.ValidateString.
Any ideas how to show the 500.html file?
I am not going to set validate to false if anyone is going to suggest it :)
It can be a nice solution but then it lets everyone writing html tags that I really don't want them to write (I do check on server side for html tags and characters) but this one REALLY lets anyone write anything they want.
The Request Validation mechanism is exatcly for that.
Maybe I need to create another 500.html page especiialy for that but i don't think it'll help because it shows my HTML markup itself.
I thought that it will render the HTML page with no CSS (because it can't find it) but thats not happening too.
I used this for my 500 html page but it doesn't work with Request Validation error that I have. That's something else than 500 from a connection string error cause it's actually comes from umbraco itself
In MVC you would normally create a filter to do this, not sure if that is possible, but in normal MVC you would do something like
public class HttpRequestValidationExceptionAttribute : FilterAttribute, IExceptionFilter {
public void OnException(ExceptionContext filterContext) {
if (!filterContext.ExceptionHandled && filterContext.Exception is HttpRequestValidationException) {
filterContext.Result = new RedirectResult("~/HttpError/HttpRequestValidationError");
filterContext.ExceptionHandled = true;
}
}
}
I think it won't work with Umbraco very well because Umbraco has it's own pipeline. and I want to use my 500.html file and not returning a view and show it there.
I think I will go with the AllowHtml and filter all the tags that Cyber Department will want me to filter.
Fixed it :)
As Rasmus here suggested, I used AllowHtml Annotation on my property in my model and it let me write html tags.
I am checking those tags in server side so I think I will go with it and that's it.
If you have another idea, then fine. if not, the AllowHtml is sufficed by me.
yes this is from my umbraco web.config, adding something like <b>text</b> to an input throws the error you get if I comment out the section, uncommenting the section and doing the same thing directs me to the error-500.html file
By the way, my 500.html file has links to css files that are inside umbraco folders (For example, /Content/CSS/500.css). And it's bundle on runtime.
That might be a problem no?
I don't know how much investigation you've done into this, but this validation happens before the request even get's to Umbraco. It's an ASP.Net validation error to protect websites.
However, it's also not a 500 error, it's a 400 error. It could be worth having a read of this article here:
It's working just fine now. thank you!
So system.web is app side and system.webServer is IIS side?
I need to understand the pipeline levels :)
I have a server error when the connection string is not ok or it's not reachable but it's fine.
Runtime Error
Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
I have just done some testing myself and have decided that the best way to deal with this nicely in umbraco is to do the following.
In umbraco create a contentpage called error404 that you will use for a custom 404 and assign it's id in the umbraco settings file. (Umbraco will now take care of 404 errors)
Now create another contentpage using the same template and call it custom Errors
In your web config, completely remove the httperror section and configure your system.web customerrors to
We are going to production soon. it doesn't matter now.
The 404 is already implemented as you said (umbracoSettings file) and the 500 is caught perfectly (with Request Validation or 500 error in code).
Error page 500 and Request Validation
Hello. When I have 500 server error, then I show my 500.html file and everything is fine. When I submit a form, and i write, for example, script tags or any html tag in one of the textboxes or textarea. I get a 500 error but it shows the html content of my 500.html file instead of rendering it. It's something with HttpRequest.ValidateString. Any ideas how to show the 500.html file? I am not going to set validate to false if anyone is going to suggest it :)
Thank you
Hi Tal
Could you set [AllowHtml] on the property that contains HTML in your model.
Hope this helps
It can be a nice solution but then it lets everyone writing html tags that I really don't want them to write (I do check on server side for html tags and characters) but this one REALLY lets anyone write anything they want. The Request Validation mechanism is exatcly for that. Maybe I need to create another 500.html page especiialy for that but i don't think it'll help because it shows my HTML markup itself. I thought that it will render the HTML page with no CSS (because it can't find it) but thats not happening too.
Hmm in that case i would use Umbracos tinyMce text editor and configure it to only have the html tags you allow.
I use TextAreaFor to render the Comments field and I don't use Meta Data fields from the page itself so it's kind of a problem.
Hi Tal,
this thread might help:
https://our.umbraco.com/forum/using-umbraco-and-getting-started/77281-500-error-page
Thanks,
Brendan
I used this for my 500 html page but it doesn't work with Request Validation error that I have. That's something else than 500 from a connection string error cause it's actually comes from umbraco itself
In MVC you would normally create a filter to do this, not sure if that is possible, but in normal MVC you would do something like
I think it won't work with Umbraco very well because Umbraco has it's own pipeline. and I want to use my 500.html file and not returning a view and show it there. I think I will go with the AllowHtml and filter all the tags that Cyber Department will want me to filter.
Thanks for the answer
I just test this quickly and itgets trapped by iis and returns my 500 html file as expected.
What error settings do you have in your web.config?
this is what I have under system.webserver
I will look tommorow and tell you. I am not at work now. But did you test it with Umbraco. there is some different.
in my system.webServer i have this:
and in my system.web i have this
I commented those out and used your code in system.webServer and I get the: HTTP Error 500.0 - Internal Server Error page (.net page).
did I miss anything?
When I first wanted to use my 500.html, those values that I wrote (in system.web and system.webServer) worked just fine.
But didn't with the problem of Request Validation.
some of your post appears to be missing :) as I can't see what is in your config
Fixed it :) As Rasmus here suggested, I used AllowHtml Annotation on my property in my model and it let me write html tags. I am checking those tags in server side so I think I will go with it and that's it. If you have another idea, then fine. if not, the AllowHtml is sufficed by me.
You need to set custom errors to On in the system.web section
yes this is from my umbraco web.config, adding something like
<b>text</b>
to an input throws the error you get if I comment out the section, uncommenting the section and doing the same thing directs me to the error-500.html fileOk. I will try to use your example. If my 500.html file in under a folder and not in the root path, it may cause a problem?
As long as it is not an umraco folder it should be ok
By the way, my 500.html file has links to css files that are inside umbraco folders (For example, /Content/CSS/500.css). And it's bundle on runtime. That might be a problem no?
I think you should be ok, but you could test by trying to download one of the css files in your browser directly, if that works then it should be ok
I'm actually handling all of this in Global.asax in my U7 code. I'm trying to convert to U8 and have asked for help here: https://our.umbraco.com/forum/using-umbraco-and-getting-started/104641-using-globalasax-andor-composers-in-u8 When i find out how to do this in U8 I will gladly help ;-)
Hi Tal,
I don't know how much investigation you've done into this, but this validation happens before the request even get's to Umbraco. It's an ASP.Net validation error to protect websites.
However, it's also not a 500 error, it's a 400 error. It could be worth having a read of this article here:
https://blog.mortenbock.dk/2017/02/03/error-page-setup-in-umbraco/
There is a section about half way down that talks about Request Validation errors, which hopefully will help.
Nik
Well, it shows my 500.html markup so seems like it's 500 (and i see 500 internal server error) but I will check it. Thanks
the 500 error settings I use in the system.webserver section trap validation error error fine for me
It's working just fine now. thank you! So system.web is app side and system.webServer is IIS side? I need to understand the pipeline levels :) I have a server error when the connection string is not ok or it's not reachable but it's fine.
the connection string error is system.web level so you can also catch that by changing custom errors in system.web to
This is my custom errors
Not working. showing:
Server Error in '/' Application.
Runtime Error Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
I have just done some testing myself and have decided that the best way to deal with this nicely in umbraco is to do the following.
In umbraco create a contentpage called error404 that you will use for a custom 404 and assign it's id in the umbraco settings file. (Umbraco will now take care of 404 errors) Now create another contentpage using the same template and call it custom Errors
In your web config, completely remove the httperror section and configure your system.web customerrors to
This should catch most things except the connection error. basically you either need to use customerrors or httperrors they do not play well together.
We are going to production soon. it doesn't matter now. The 404 is already implemented as you said (umbracoSettings file) and the 500 is caught perfectly (with Request Validation or 500 error in code).
Thank you.
is working on a reply...