Whenever I try to Save or Save & Publish the following error is thrown.
Unfortunately I don't have access to the backend to update any configs or pull any logs so I am hoping someone can show me how to fix this from the Umbraco controls.
Thanks in advance
--
A potentially dangerous Request.Form value was detected from the client (ctl00$body$body_content="
OWN...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$body$body_content="
OWN...").
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
Add a "Debug=true" directive at the top of the file that generated the error. Example: <%@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodycontent="
Maybe you are using special characters in your post. Some characters are known to be used to make an attack on the application or other users ie, javascript in a post, so its a prevention. Could be characters as this : < or >.
I have replaced all the "<" with "< " so you can have a complete view of the error message.
Having reviewed all the pages in the website I cant find a < or > anywhere in the content so that doesn't look to be a cause.
Thanks,
Keith
--
A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodyText="< p>Cedar Creek Compa...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodyText="< p>Cedar Creek Compa...").
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
Add a "Debug=true" directive at the top of the file that generated the error. Example:
< %@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Well, the error seems to come from any non-text tag. So you could try to clean the text by removing all < p > and such markup. Typically on windows machine, you would copy/paste the text through Notepad.exe to clean the text.
If you do not have access to backend to fix it, it will be difficult to fix, seems that the developer has closed access to paste any kind of markup into posts in the solution.
There is some hint regarding how to fix it on the microsoft error page (not that it would help you out here, but only add to understanding the problem):
"potentially dangerous content is any HTML markup or JavaScript code in the body, header, query string, or cookies of the request"
"For example, if your site has a form where users enter comments, a malicious user could enter JavaScript code in a script element. When you display the comments page to other users, the browser executes the JavaScript code as if the code had been generated by your website. This exploit is typically referred to as a cross-site scripting (XSS) attack.
Request validation helps prevent this kind of attack. If ASP.NET detects any markup or code in a request, it throws a "potentially dangerous value was detected" error and stops page processing."
Server Error in '/' Application.
Whenever I try to Save or Save & Publish the following error is thrown. Unfortunately I don't have access to the backend to update any configs or pull any logs so I am hoping someone can show me how to fix this from the Umbraco controls.
Thanks in advance
--
Maybe you are using special characters in your post. Some characters are known to be used to make an attack on the application or other users ie, javascript in a post, so its a prevention. Could be characters as this : < or >.
I have replaced all the "<" with "< " so you can have a complete view of the error message.
Having reviewed all the pages in the website I cant find a < or > anywhere in the content so that doesn't look to be a cause.
Thanks, Keith
--
A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodyText="< p>Cedar Creek Compa...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodyText="< p>Cedar Creek Compa...").
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
Add a "Debug=true" directive at the top of the file that generated the error. Example:
< %@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
< configuration> < system.web> < compilation debug="true"/> < /system.web> < /configuration>
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$body$bodyText="< p>Cedar Creek Compa...").] System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +9552097 System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +184 System.Web.HttpRequest.getForm() +55 System.Web.HttpRequest.getHasForm() +9553711 System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +95 System.Web.UI.Page.DeterminePostBackMode() +69 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6704 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +245 System.Web.UI.Page.ProcessRequest() +72 System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21 System.Web.UI.Page.ProcessRequest(HttpContext context) +58 ASP.umbracoeditcontentaspx.ProcessRequest(HttpContext context) +4 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18408
Well, the error seems to come from any non-text tag. So you could try to clean the text by removing all < p > and such markup. Typically on windows machine, you would copy/paste the text through Notepad.exe to clean the text.
If you do not have access to backend to fix it, it will be difficult to fix, seems that the developer has closed access to paste any kind of markup into posts in the solution.
There is some hint regarding how to fix it on the microsoft error page (not that it would help you out here, but only add to understanding the problem):
"potentially dangerous content is any HTML markup or JavaScript code in the body, header, query string, or cookies of the request"
"For example, if your site has a form where users enter comments, a malicious user could enter JavaScript code in a script element. When you display the comments page to other users, the browser executes the JavaScript code as if the code had been generated by your website. This exploit is typically referred to as a cross-site scripting (XSS) attack.
Request validation helps prevent this kind of attack. If ASP.NET detects any markup or code in a request, it throws a "potentially dangerous value was detected" error and stops page processing."
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.