Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alan Mac Kenna 131 posts 330 karma points c-trib
    Sep 12, 2015 @ 22:44
    Alan Mac Kenna
    0

    DTGE not rendering in backoffice - RTE Request Validation Problem?

    Hullo!

    So I'm having an issue with one of my DTGE types not rending in the backoffice. It seems to be because it has an RTE datatype set up on it. When I debug I can see that a HttpRequestValidationException is being thrown - A potentially dangerous Request.Form value was detected from the client. And I can see my RTE content (html tags etc) in the exception.... I'm not sure how to resolve!

    It renders fine in the front end. It's just the backoffice where it's causing an issue.

    Confused!

  • Alan Mac Kenna 131 posts 330 karma points c-trib
    Sep 13, 2015 @ 16:14
    Alan Mac Kenna
    4

    I figured this out. My solution was based on the Hybrid Framework which uses DonutCaching. The DonutCaching was throwing a wobbler with the HTML in the request. I extended the DonutOutputCacheAttribute and now check for dtgePreview in the QueryString when executing. If it's there I just return instead of processing. Problem solved!

  • Matt Brailsford 1889 posts 9320 karma points MVP 5x c-trib
    Sep 16, 2015 @ 14:50
    Matt Brailsford
    0

    Nice detective work. Thanks for sharing your findings.

  • Lee 1105 posts 3032 karma points
    Sep 16, 2015 @ 15:02
    Lee
    0

    Thanks for sharing :) A code sample of how you extended would be nice, just for future reference.

  • Alan Mac Kenna 131 posts 330 karma points c-trib
    Sep 18, 2015 @ 11:32
  • Stefano 52 posts 295 karma points c-trib
    Mar 15, 2018 @ 15:13
    Stefano
    0

    This happened for me, only if I loaded a page with the same controller at least once, and the grid had a RTE in it.

    Pretty much nothing worked:

    • Disabling validation is not a good idea IMHO,
    • Only working on http get didnt' work either.
    • filterContext.HttpContext.Request.QueryString["dtgePreview"] is not enough to catch it, as this seems some sort of sub-request.
    • ConfigurationManager.AppSettings["Umbraco.DPC.Theme.IsBackOffice"] as used here to override validation here https://gist.github.com/geoffbeaumont/a314caab1c96a604869fe92cf7f9f965 it isn't set when I tried to use it.
    • tried to modify the above code to use UmbracoContext.Current.Security.IsAuthenticated() instead, didnt' work!

    I'm giving up: this controller will not be cached.

    First and last time I'm using donut caching!

  • Jeroen Vantroyen 1 post 71 karma points
    Jul 20, 2018 @ 08:26
    Jeroen Vantroyen
    0

    The problem seems to lie in the fact that the KeyGenerator is generating a cacheKey, whether the resulting request will be cashed or not.

    Maybe it would be better to generate it after it has been determined this request needs to be cashed. Pretty useless otherwise.

    I want POST request not cached anyway (OutputCacheOptions.NoCacheLookupForPosts), so I "solved" it for myself by forcing the option OutputCacheOptions.IgnoreFormData. It stops the KeyGenerator from inspecting the Form-values, which triggers the validation problem for RTE's in dtgePreview.

    I hope anyone can still benefit from this, but would be better if the cachekey was generated later.

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        this.Options |= OutputCacheOptions.IgnoreFormData;
    
        //.. all your other stuff
    
        base.OnActionExecuting(filterContext);
    }
    
Please Sign in or register to post replies

Write your reply to:

Draft