Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dino 6 posts 28 karma points
    Jan 17, 2012 @ 17:36
    Dino
    0

    New Custom Section and "A potentially dangerous Request.Form value was detected" error

    I have an issue with umbraco 4.7 where I have created an new custom section which has an Iframe that shows an existing system that manages the content for the header of my web site.

    This existing system that sits in my Iframe is called using a server side (HttpWebRequest)WebRequest.Create and injectd the content onto my custom page that I have created under an umbracoReservedPaths so that umbraco treats this like a stand alone application and I can put my css over it.

    Every time I press submit on the page that has the HTML that I would like in the header of my website, the website returns this error "A potentially dangerous Request.Form value was detected". Basically ASP.net is not allowing the form variables through because it contains HTML which could be potential malicious. So my existing header cms never gets called.

    I did a search on this issue and found some solutions none of which have worked. The main one incluedes turning validate request off which I have tried to do at the webconfig level and the page level but none of which works.

    Page level:

    <%@ Page validateRequest="false" %>

    Web.config level:

    <configuration>
        <system.web>
            <pages validateRequest="false" />
        </system.web>
    </configuration>

     

    I have even tried setting it in the Page_Init but still not joy

     protected void Page_Init(object sender, EventArgs e)
            {
                try
                {
                    ((umbraco.UmbracoDefault)this.Page).ValidateRequest = false;
                }
                catch { }
            }

     

    How do I stop my page from validating the form variables

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jan 17, 2012 @ 19:10
    Jan Skovgaard
    0

    Hi Dino

    Don't know if this works, but something in the back of my mind tells me you should try this.


    Have you set the requestvalidationmode attribute to 2.0 on the httpruntime element in the web.config?

    Like this: <httpruntime requestvalidationmode="2.0" />

    /Jan

  • Dino 6 posts 28 karma points
    Jan 18, 2012 @ 12:18
    Dino
    1

    I fixed it by adding the line below to the template

     <umbraco:DisableRequestValidation runat="server"/>

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jan 18, 2012 @ 21:55
    Jan Skovgaard
    0

    Hi Dino

    Thanks for sharing the solution - I was not aware the above was possible :)

    /Jan

Please Sign in or register to post replies

Write your reply to:

Draft