
Getting error when posting a form with html tags in its fields

Developer https://www.devze.com 2023-02-01 15:26 Source: Internet

I am using Ajax Control Toolkit 3.5. I have a form like this:

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

And related codebehind of this page is this:

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

When I write, for example, "foo" into TextBox1, it successfully copies that into Label1. But if I write any text into the textbox with some HTML tags, like "<b>foo</b>", I get the following JavaScript error in the IE status bar:

[Image: Getting error when posting a form with html tags in its fields]

How can I solve this?

Thanks in advance.


Just after posting this question, the idea of taking the form fields out of UpdatePanel and retrying the same operation came to my mind. Bingo! It throws the following exception:

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

After seeing this error, adding the following code to the <%@ Page %> section of the page solved the problem.

ValidateRequest="false"

Hope this helps others...

0
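
With ValidateRequest="false" on the page, Button1_Click as posted writes TextBox1.Text into Label1 unencoded, so the value has to be encoded on output. The code-behind below is an added example, not part of the original post; the class name _Default, the helper EncodeWithAllowList and the tag allow-list are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

// Class name is an assumption; the post does not show it.
// TextBox1 and Label1 are the controls declared in the markup above.
public partial class _Default : Page
{
    // Hypothetical allow-list: bare formatting tags, no attributes.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(b|i|em|strong)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Encode everything first, then restore only the allow-listed tags.
    // A tag carrying attributes (e.g. <b onclick="...">) stays encoded,
    // because the pattern matches nothing but a tag name between the
    // encoded angle brackets. A literal "&lt;b&gt;" typed by the user
    // becomes "&amp;lt;b&amp;gt;" and is not restored either.
    private static string EncodeWithAllowList(string input)
    {
        string encoded = HttpUtility.HtmlEncode(input ?? string.Empty);
        return AllowedTag.Replace(encoded, "<$1$2>");
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // As posted: Label1.Text = TextBox1.Text;
        //   (Label renders Text as raw HTML, so markup reaches the browser)
        // To show the input as plain text instead:
        //   Label1.Text = HttpUtility.HtmlEncode(TextBox1.Text);
        Label1.Text = EncodeWithAllowList(TextBox1.Text);
    }
}
```

Entering `<b>foo</b>` renders bold text, while `<script>` or `<img onerror=...>` is shown as literal text. The helper does not balance tags, so an unclosed `<b>` still affects the markup that follows the label.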
