A potentially dangerous Request.Form value was detected
Whenever I try to save a node that contains an RTE element, either in doctypes I've created or in ones used by blog4umbraco I get this error.
I'm using 4.5.2 on a server that's running a gamut of .Net, from 1.1 to 4.0
Solutions on the forums seem to point to me having to tweak my templates to include the following
But I've never had this problem running umby 4.5.2 before. Can anyone shed any light on this?
Many thanks.
Shaun
Hi Shaun,
Request validation is a built-in ASP.NET feature; it checks if the posted values contain dangerous / potentially dangerous scripts. On a normal ASP.NET page you can control it from the ValidateRequest attribute of the @Page directive or from web.config. It seems that it's enabled by default in Umbraco 4.5.2, and that tweak will help to disable it.
Hope this explains.
Best regards,
Ferry Meidianto
Thanks Ferry
As I'm having problems with the Umbraco backend itself I don't really want to have to mess with any of the core templates. (If I can find them :)) so I'm trying to reset it in web.config, however setting it to this
<pages enableEventValidation="false" validateRequest="false">
still results in the same error.
It seems strange that in 4.5.2 we have to turn this off anyway, as it then requires more work on our part to build secure modules. Is this really the way Umbraco have decided to go on this issue?
What about setting <httpRuntime requestValidationMode="2.0" /> as discussed in the following thread:
http://our.umbraco.org/forum/using/ui-questions/11432-A-potentially-dangerous-RequestForm-value-was-detected-when-updating-content-with-HTML-tags
Aha! Thanks Ferry. That's worked perfectly. I didn't even need to add the validateRequest parameter to the web config either in the end. From further reading it looks as though this error could have been generated by me running the site on a box that's configured for .Net 4.0.
Thanks again, that was driving me mad.
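An added example, not part of the thread and not Umbraco's code: a small audit that reads a web.config and reports where request validation is actually in force, which shows why the `<pages validateRequest="false">` line alone had no effect under .NET 4.0. The function name, the state labels, the `default_mode` parameter and the `<location path="umbraco">` block in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def audit_request_validation(web_config_xml, default_mode="4.0"):
    """Return [(scope, state)] for the site root and each <location> block.
    default_mode (assumption): mode in force when web.config sets none."""
    root = ET.fromstring(web_config_xml)
    scopes = [("(site)", root.find("system.web"))]
    scopes += [(loc.get("path", "(site)"), loc.find("system.web"))
               for loc in root.findall("location")]
    site_mode, site_validate = default_mode, True
    findings = []
    for scope, sysweb in scopes:
        if sysweb is None:
            continue
        mode, validate = site_mode, site_validate  # inherit site settings
        runtime, pages = sysweb.find("httpRuntime"), sysweb.find("pages")
        if runtime is not None and runtime.get("requestValidationMode"):
            mode = runtime.get("requestValidationMode")
        if pages is not None and pages.get("validateRequest"):
            validate = pages.get("validateRequest").strip().lower() != "false"
        if scope == "(site)":
            site_mode, site_validate = mode, validate
        legacy = float(mode) < 4.0  # values below 4.0 behave as "2.0"
        if legacy and not validate:
            state = "disabled"         # no request validation on these pages
        elif legacy:
            state = "per-page"         # each page's ValidateRequest decides
        elif not validate:
            state = "setting-ignored"  # 4.0 mode still validates every request
        else:
            state = "enforced"
        findings.append((scope, state))
    return findings

# Constructed samples: the <pages> line quoted in the thread on its own, then
# the httpRuntime change plus a hypothetical <location>-scoped opt-out.
FIRST_ATTEMPT = """<configuration><system.web>
  <pages enableEventValidation="false" validateRequest="false" />
</system.web></configuration>"""
WORKING_FIX = """<configuration><system.web>
  <httpRuntime requestValidationMode="2.0" />
</system.web>
<location path="umbraco"><system.web>
  <pages validateRequest="false" />
</system.web></location></configuration>"""

if __name__ == "__main__":
    print(audit_request_validation(FIRST_ATTEMPT))
    print(audit_request_validation(WORKING_FIX))
```

A "per-page" or "disabled" result marks the scopes where posted HTML reaches code unchecked, so those are the pages whose output encoding needs review.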