开发者

Dangerous value - Request.Form

开发者 https://www.devze.com 2023-03-23 00:06 出处:网络
I am developing an application in ASP.NET 2.0, and in one page i am using a FCKEditor. In some cases, when i try to save the content of the page i get an exception saying that a potentially dangerous

I am developing an application in ASP.NET 2.0, and in one page i am using a FCKEditor.

In some cases, when i try to save the content of the page i get an exception saying that a potentially dangerous value was detected Request.From from the client

(FCKeditor1=" < fck:meta content="t...").

I couldn't detect so far in which specific cases (btw, how can this occur only on some saves?) this occurs but i googled a bit and tried to disable the validation for this page by adding validateRequest="false" to my editor page. This apparently solves the exception but raises another question. With this on my page, the button that contains the saving code fails to cause a postback. I have a breakpoint on the first line of my button code on codebehind and it is not even fired.

So that you understand the structure of my page and as i said, i have the editor on my page and a button that on click executes code to retrieve the value from the editor and saving it.

EDIT:

<FCKeditorV2:FCKeditor HtmlEncodeOutput=true ID="FCKeditor1" runat="server" Height="700px" Width="800px" BasePath=""></FCKeditorV2:FCKeditor >
FCKeditor1.BasePath = EditorPath
FCKeditor1.Value = Line

This is basically what i am doing on the loading of the page. Setting the path an开发者_开发问答d filling the value of the editor. On save, i do the opposite, retrieving the value and processing the string. This string (as seen by a breakpoint in one of the times the exception is not thrown) is something like:

<fck:meta content="text/html; charset=utf-8" http-equiv="Content-Type"><fck:meta content="text/css" http-equiv="Content-Style-Type"><fck:meta name="generator" content="Aspose.Words for .NET 9.6.0.0">

and more html ahead.

This is by far an annoying problem and any sugestion or enlightenment would be highly appreciated.


The error about a potentially dangerous value being submitted is usually triggered when a form post value contains angle brackets.

This is the case here as it looks like you're using the FCKeditor to edit HTML so you'll need the validateRequest="false" as you've already done.

As for the form not posting at all, this points to either:

  • the markup is being corrupted somehow; examine the final markup in your browser with the View Source option, paying particular attention to opening and closing single ' and double-quotes "
  • if you're using IE6 or IE7 and a <button /> element to submit the form, it needs the property type="submit" (that one caught me out last week)
0

精彩评论

暂无评论...
验证码 换一张
取 消