Saving HTML in Editor gives 'potentially dangerous Request.Form value'
Saving HTML in Editor gives 'potentially dangerous Request.Form value'
elicym
Posts: 8Questions: 3Answers: 0
I'm trying to save HTML in an Editor field. Only admins have access to this page, so there's no XSS issue. I get an ASP.NET error - 'A potentially dangerous Request.Form value was detected from the client'. I tried what was suggested at https://datatables.net//forums/discussion/comment/98528/, in both the question and answer, but it didn't help.
This question has an accepted answers - jump to answer
This discussion has been closed.
Answers
Hi,
The
requestValidationModeoption is the only way I'm aware of that will properly resolve this. Its a built in validation check by .NET and not something that Editor intentionally enables. The .NET documentation on this topic might be of some use. Specifically do you have the httpRuntime requestValidationMode set to be 2.0 inside the system.web?It looks like there is a method which can be used to check that it was set.
Allan
requestValidationModedidn't work by itself - the action also required the attribute[ValidateInput(false)]. It would be ideal though if the Editor library would use Request.Unvalidated, which won't require changing the whole application to userequestValidationMode=2.Thanks for letting ,e know about
Request.Unvalidated- I wasn't aware of that. I've just added support for it to Editor's .NET libraries and it will be available in Editor 1.7 which will be out next week.Regards,
Allan
Thank you, great support.