"A potentially dangerous Request.Form value was detected" when updating content with HTML tags
I have recently installed umbraco v
4.0.4.2 after suffering a lot of problems with the latest versions not loading the tree nodes within the admin section.
After a couple of days of trying to install the CMS I finally managed to get Umbraco working locally on Windows XP with WebMatrix. However, I have stumbled upon the following problem when attempting to add content that contains any HTML tags.
A potentially dangerous Request.Form value was detected
from the client (ctl00$body$pageContent="<a
href="null">Test<...").
Description: Request Validation has detected a
potentially dangerous client input value, and processing of the request
has been aborted. This value may indicate an attempt to compromise the
security of your application, such as a cross-site scripting attack. To
allow pages to override application request validation settings, set
the requestValidationMode attribute in the httpRuntime configuration
section to requestValidationMode="2.0". Example: <httpRuntime
requestValidationMode="2.0" />. After setting this value, you can
then disable request validation by setting validateRequest="false" in
the Page directive or in the <pages> configuration section.
However, it is strongly recommended that your application explicitly
check all inputs in this case. For more information, see
http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException:
A potentially dangerous Request.Form value was detected from the client
(ctl00$body$pageContent="<a href="null">Test<...").
After searching on Google and trying some of the methods, from adding a tag to disable request validation to changing my web.config file. The problem still persists and as such it makes using Umbraco unfeasible.
I've tried adding the first line in both my Master template and within the editContent.aspx page and it didn't change anything, as well as changing debugging to true and adding a similar line in my web.config file, but I haven't tried the codebehind as I don't know where to find it. Which file do I need to add/edit to do this?
I'm not entirely sure what you're trying to do. The video explains how to add and use custom .NET user controls in Umbraco. But you're having
issues with saving HTML in the backend, right? Can you explain exactly what you're doing (maybe add some screenshots)?
Sorry, I think I've needlessly made it seem more complicated than it actually it. To put it short, I cannot add HTML to any content pages because it throws a ASP.NET error. Here's an example of what I'm trying to do; if I add simple text it works fine, but the second I add a HTML tag the error in the first page is thrown.
For anyone else suffering from the same problem, I had changed validateRequest="false" in both my page directives and web.config files and it had no effect, but <httpRuntime requestValidationMode="2.0" /> worked perfectly and now I can add HTML to my content.
Hi thanks for your help, this is all very new to me, I have added this code to the web.config and I dont get an error. I save the changes to a page and it says saved but all the changes I make really do not save.
All I added was the <httpRuntime requestValidationMode="2.0" /> code
Not sure where to add the other bits validateRequest="false"
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. ;
"A potentially dangerous Request.Form value was detected" when updating content with HTML tags
I have recently installed umbraco v 4.0.4.2 after suffering a lot of problems with the latest versions not loading the tree nodes within the admin section.
After a couple of days of trying to install the CMS I finally managed to get Umbraco working locally on Windows XP with WebMatrix. However, I have stumbled upon the following problem when attempting to add content that contains any HTML tags.
A potentially dangerous Request.Form value was detected from the client (ctl00$body$pageContent="<a href="null">Test<...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$body$pageContent="<a href="null">Test<...").
Here is the stack trace for the error:
After searching on Google and trying some of the methods, from adding a tag to disable request validation to changing my web.config file. The problem still persists and as such it makes using Umbraco unfeasible.
Can anyone help with this problem?
You can either put this in your template:
Or this in your usercontrol's codebehind:
protected void Page_Init(object sender, EventArgs e)
{
try
{
((umbraco.UmbracoDefault)this.Page).ValidateRequest = false;
}
catch { }
}
But make sure to clean up the input before you process it.
I've tried adding the first line in both my Master template and within the editContent.aspx page and it didn't change anything, as well as changing debugging to true and adding a similar line in my web.config file, but I haven't tried the codebehind as I don't know where to find it. Which file do I need to add/edit to do this?
EDIT: After searching around I found this video about adding .NET user controls. Is this what I need to do for my master template?
I'm not entirely sure what you're trying to do. The video explains how to add and use custom .NET user controls in Umbraco. But you're having issues with saving HTML in the backend, right? Can you explain exactly what you're doing (maybe add some screenshots)?
Sorry, I think I've needlessly made it seem more complicated than it actually it. To put it short, I cannot add HTML to any content pages because it throws a ASP.NET error. Here's an example of what I'm trying to do; if I add simple text it works fine, but the second I add a HTML tag the error in the first page is thrown.
http://imgur.com/LsUkm.jpg
I have no experience with WebMatrix, but I did find this:
http://learn.iis.net/page.aspx/872/webmatrix-beta-release-readme/#Known_Issues_ASPNET
You did mention you were trying to disable request validation in the web.config, but it doesn't say exactly what you did.
That worked perfectly, thank you very much!
For anyone else suffering from the same problem, I had changed validateRequest="false" in both my page directives and web.config files and it had no effect, but <httpRuntime requestValidationMode="2.0" /> worked perfectly and now I can add HTML to my content.
Thanks again!
Glad I could help!
Hi Im having the same problem Where do I enter the code <httpRuntime requestValidationMode="2.0" />
thanks
in the web.config, place it inside the node <system.web> if it's not there already.
Hi thanks for your help, this is all very new to me, I have added this code to the web.config and I dont get an error. I save the changes to a page and it says saved but all the changes I make really do not save.
All I added was the <httpRuntime requestValidationMode="2.0" /> code
Not sure where to add the other bits validateRequest="false"
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. ;
is working on a reply...