RichTextBox Inserting Issue

Question
User-796050626 posted
Hi there, I am adding a FreeTextBox to our ASP.NET C# intranet application, and when I add it inside a form view for inserting and click the insert button, I get this error:
A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").
Source Error:
[No relevant source lines]
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs Line: 0
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +11068331
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +71
System.Web.HttpRequest.get_Form() +178
System.Web.HttpRequest.get_HasForm() +11068567
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +124
System.Web.UI.Page.DeterminePostBackMode() +83
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034743
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034282
System.Web.UI.Page.ProcessRequest() +91
System.Web.UI.Page.ProcessRequest(HttpContext context) +240
ASP.support_openticket_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
Can anyone please help me with this?
Friday, November 5, 2010 9:26 AM
All replies
User-2076991548 posted
This happens because the server thinks someone is trying to inject some stinky harmful piece of code into your app (db).
Add this in your <%@ Page section:
ValidateRequest="false"
But be careful... because other textboxes in the page will be allowed to submit HTML as well. Make sure you properly validate this on the server.
Small notice: if users are allowed to inject HTML into your db, then when you show that HTML in the browser it can be written in a way that screws up your layout and from there does whatever else, like loading stinky JS from an external source.
Friday, November 5, 2010 1:59 PM
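The server-side validation the reply above calls for, as an added example that is not part of the original thread: with ValidateRequest off, encode the whole submitted value and then re-enable only a short allow-list of attribute-free formatting tags before storing or rendering it. The class name `RichTextFilter`, the tag list and the sample inputs are assumptions made for this illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility.HtmlEncode (reference System.Web.dll)

// Added example (hypothetical helper): allow-list filter for rich-text input.
public static class RichTextFilter
{
    // Matches only ENCODED tags from the allow-list that carry no attributes,
    // e.g. "&lt;b&gt;", "&lt;/li&gt;", "&lt;br /&gt;". The tag list is an assumption.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(b|i|u|em|strong|p|ul|ol|li|br)\s*/?&gt;",
        RegexOptions.IgnoreCase);

    public static string Sanitize(string rawHtml)
    {
        if (string.IsNullOrEmpty(rawHtml)) return string.Empty;

        // Step 1: encode everything, so no markup survives by default.
        string encoded = HttpUtility.HtmlEncode(rawHtml);

        // Step 2: turn exact allow-list matches back into real tags.
        // Anything with attributes (onmouseover=, src=, href=) stays encoded.
        return AllowedTag.Replace(encoded, delegate(Match m)
        {
            string name = m.Groups[2].Value.ToLowerInvariant();
            if (name == "br") return "<br />";
            return "<" + m.Groups[1].Value + name + ">";
        });
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the thread.
        string[] samples = {
            "Check your <b>printer</b> settings<br>",
            "<b onmouseover=\"alert(1)\">hover</b>",
            "<script src=\"//example.invalid/x.js\"></script>done"
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Because the filter starts from fully encoded text, a tag it does not recognise is displayed as literal characters instead of being interpreted by the browser.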
User-796050626 posted
That is correct.
I added the line and it's all working now. However, the next issue I have is that it does not insert it into my database for some reason.
In the table the text type is "Text".
This is my code for inserting:
<FTB:FreeTextBox ID="FTB1" runat="server" Height="100px" Text='<%# Bind("information") %>'
Width="548px" />
(I basically just copied my existing text box and just changed the beginning asp: tag.) The SQL DS is working, as I have a text box that inserts into the same field and that does not have a problem. Am I using the wrong property for this? I mean, ideally I just want something simple like this reply-to-message text box on this forum.
Friday, November 5, 2010 2:27 PM