Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Sep 12, 2015 @ 22:44
    Alan Mac Kenna

    DTGE not rendering in backoffice - RTE Request Validation Problem?


    So I'm having an issue with one of my DTGE types not rending in the backoffice. It seems to be because it has an RTE datatype set up on it. When I debug I can see that a HttpRequestValidationException is being thrown - A potentially dangerous Request.Form value was detected from the client. And I can see my RTE content (html tags etc) in the exception.... I'm not sure how to resolve!

    It renders fine in the front end. It's just the backoffice where it's causing an issue.


  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Sep 13, 2015 @ 16:14
    Alan Mac Kenna

    I figured this out. My solution was based on the Hybrid Framework which uses DonutCaching. The DonutCaching was throwing a wobbler with the HTML in the request. I extended the DonutOutputCacheAttribute and now check for dtgePreview in the QueryString when executing. If it's there I just return instead of processing. Problem solved!

  • Matt Brailsford 4124 posts 22220 karma points MVP 9x c-trib
    Sep 16, 2015 @ 14:50
    Matt Brailsford

    Nice detective work. Thanks for sharing your findings.

  • Lee 1130 posts 3088 karma points
    Sep 16, 2015 @ 15:02

    Thanks for sharing :) A code sample of how you extended would be nice, just for future reference.

  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Sep 18, 2015 @ 11:32
  • Stefano 61 posts 313 karma points c-trib
    Mar 15, 2018 @ 15:13

    This happened for me, only if I loaded a page with the same controller at least once, and the grid had a RTE in it.

    Pretty much nothing worked:

    • Disabling validation is not a good idea IMHO,
    • Only working on http get didnt' work either.
    • filterContext.HttpContext.Request.QueryString["dtgePreview"] is not enough to catch it, as this seems some sort of sub-request.
    • ConfigurationManager.AppSettings["Umbraco.DPC.Theme.IsBackOffice"] as used here to override validation here it isn't set when I tried to use it.
    • tried to modify the above code to use UmbracoContext.Current.Security.IsAuthenticated() instead, didnt' work!

    I'm giving up: this controller will not be cached.

    First and last time I'm using donut caching!

  • Jeroen Vantroyen 54 posts 394 karma points c-trib
    Jul 20, 2018 @ 08:26
    Jeroen Vantroyen

    The problem seems to lie in the fact that the KeyGenerator is generating a cacheKey, whether the resulting request will be cashed or not.

    Maybe it would be better to generate it after it has been determined this request needs to be cashed. Pretty useless otherwise.

    I want POST request not cached anyway (OutputCacheOptions.NoCacheLookupForPosts), so I "solved" it for myself by forcing the option OutputCacheOptions.IgnoreFormData. It stops the KeyGenerator from inspecting the Form-values, which triggers the validation problem for RTE's in dtgePreview.

    I hope anyone can still benefit from this, but would be better if the cachekey was generated later.

    public override void OnActionExecuting(ActionExecutingContext filterContext)
        this.Options |= OutputCacheOptions.IgnoreFormData;
        //.. all your other stuff
Please Sign in or register to post replies

Write your reply to: