locked
RadComboBox: A potentially dangerous Request.Form value was detected from the client

  • Question

  • User-1340937076 posted

    Hi,

    I'm using Telerik RadCombo and if the user types HTML tags <asas> then it throws the "A potentially dangerous Request.Form value was detected from the client" error.

    I don't want to use validateRequest="false" at page level, as this code is written in a user control which is used in a .master page. Please let me know if there is any way to handle such an error.

    In the current code I have used a regular expression, but somehow if the user clicks on other menu items then the regular expression does NOT work.

    <telerik:RadComboBox Style="z-index: 9001;margin-top:-2px;" ID="radComboBoxOrganization" MarkFirstMatch="true"
            AllowCustomText="false" Height="200px" Width="150px" DropDownWidth="270px" HighlightTemplatedItems="true"
            EnableAutomaticLoadOnDemand="true" Filter="Contains" ShowMoreResultsBox="true" AutoPostBack="true" 
            EnableVirtualScrolling="true" ItemsPerRequest="20" runat="server" ValidationGroup="JoinOrg" >
        </telerik:RadComboBox>
    
        <asp:RegularExpressionValidator ID="regExpOrgNames" ValidationExpression="^[^<>]+$"
            ErrorMessage="" ControlToValidate="radComboBoxOrganization" ValidationGroup="JoinOrg" runat="server"></asp:RegularExpressionValidator>

    Tuesday, September 27, 2011 6:29 AM

Answers

  • User-1340937076 posted

    I used the following code and it is working fine...


    function ValidateOrganization(source, args) {
        args.IsValid = false;
        var combo = $find("<%= radComboBoxOrganization.ClientID %>");
        var text = combo.get_text();
        if (text.length < 1) {
            // Empty input: restore the last stored organization name.
            var hdn = document.getElementById("<%= hdnOrganizationName.ClientID %>");
            combo.set_text(hdn.value);
            args.IsValid = false;
        } else {
            // Valid only when the typed text matches an existing item.
            var node = combo.findItemByText(text);
            if (node) {
                args.IsValid = true;
            } else {
                var hdn = document.getElementById("<%= hdnOrganizationName.ClientID %>");
                combo.set_text(hdn.value);
                args.IsValid = false;
            }
        }
    }

        <telerik:RadComboBox Style="z-index: 9001;margin-top:-2px;" ID="radComboBoxOrganization" MarkFirstMatch="true"
            AllowCustomText="true" Height="200px" Width="150px" DropDownWidth="270px" HighlightTemplatedItems="true"
            EnableAutomaticLoadOnDemand="true" Filter="Contains" ShowMoreResultsBox="true" AutoPostBack="true"
            EnableVirtualScrolling="true" ItemsPerRequest="20"  runat="server">
        </telerik:RadComboBox>
        <asp:CustomValidator ID="CustomValidator1" runat="server" ControlToValidate="radComboBoxOrganization"
            ClientValidationFunction="ValidateOrganization" ErrorMessage="">
        </asp:CustomValidator>
    <asp:HiddenField ID="hdnOrganizationName" runat="server" />


    We can also handle the error in Global.asax -

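    void Application_Error(object sender, EventArgs e)
    {
        // Only HttpException carries an HTTP status code; HttpRequestValidationException
        // (the "potentially dangerous Request.Form value" error) derives from it.
        HttpException httpException = Server.GetLastError() as HttpException;

        // Clear the error before redirecting: Response.Redirect ends the request,
        // so a call placed after it would not run.
        Server.ClearError();

        if (httpException == null) return;

        switch (httpException.GetHttpCode()) {
            case 403: Response.Redirect("~/NoAccess.aspx"); break;
            case 404: Response.Redirect("~/Error.aspx"); break;
            default: Response.Redirect("~/Pages/Error/Generic.aspx"); break;
        }
    }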


    Thanks, Pravin
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 28, 2011 7:48 AM
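
A server-side counterpart to the client validator in the answer above, as an added example that is not part of the original post: `ClientValidationFunction` runs only in the browser, so the same membership check is repeated in an `OnServerValidate` handler. The class name, the handler and helper names, and the sample organization list are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for the user control that hosts radComboBoxOrganization.
// The class name and the organization names below are constructed for this example.
public partial class OrganizationPicker : UserControl
{
    // Stand-in for the data source behind the combo box's load-on-demand items.
    private static readonly HashSet<string> KnownOrganizations =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "Contoso", "Fabrikam", "Northwind Traders"
        };

    // Wire up with OnServerValidate="ValidateOrganizationServer" on CustomValidator1.
    // Set ValidateEmptyText="true" as well if an empty value must reach this handler.
    protected void ValidateOrganizationServer(object source, ServerValidateEventArgs args)
    {
        string text = (args.Value ?? string.Empty).Trim();

        // Allow-list check: only the name of an existing organization is accepted,
        // regardless of whether the client script ran.
        args.IsValid = text.Length > 0 && KnownOrganizations.Contains(text);
    }

    // Any handler that consumes the posted text should go through a gate like this
    // one and use the value only when validation succeeded.
    protected bool TryGetOrganization(string postedText, out string organization)
    {
        organization = null;
        Page.Validate();
        if (!Page.IsValid || postedText == null) return false;

        organization = postedText.Trim();
        return true;
    }
}
```

A request that bypasses the browser and posts markup such as `<asas>` is still rejected by ASP.NET request validation before this handler runs, and that exception is what reaches `Application_Error`.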

All replies

  • User535082756 posted

    Hi,

    When you use the < or > symbol the browser thinks that it is some hack data and fails...

    Can you just try some plain jQuery combo box, but it's actually a plain div...

    Hope it helps. Thanks,

    Tuesday, September 27, 2011 7:50 AM
  • User-1340937076 posted

    Hi,

    Telerik RadCombo works like a smart text box, similar to Google search, and filters data based on the input text values.

    jQuery combobox will NOT work like that....

    Thanks, Pravin

    Tuesday, September 27, 2011 8:54 AM