RichTextBox Inserting Issue

  • Question

  • User-796050626 posted

    Hi there, I am adding a FreeTextBox to our ASP.NET C# intranet application, and when I add it inside a form view for inserting and click the insert button, I get this error:

    A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").

    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").

    Source Error:

    [No relevant source lines]

    Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs    Line: 0

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +11068331
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +71
    System.Web.HttpRequest.get_Form() +178
    System.Web.HttpRequest.get_HasForm() +11068567
    System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +124
    System.Web.UI.Page.DeterminePostBackMode() +83
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034743
    System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034282
    System.Web.UI.Page.ProcessRequest() +91
    System.Web.UI.Page.ProcessRequest(HttpContext context) +240
    ASP.support_openticket_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs:0
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

    Can anyone please help me with this?

    Friday, November 5, 2010 9:26 AM

All replies

  • User-2076991548 posted

    This happens because the server thinks someone is trying to inject some stinky harmful piece of code into your app (db).

    Add this in your <%@ Page section: ValidateRequest="false"

    But be careful... because other textboxes in the page will be allowed to submit HTML as well. Make sure you properly validate this on the server.

    Small notice: if users are allowed to inject HTML into your db, then when you show that HTML in the browser it can be written in a way that screws up your layout and from there do whatever else, like loading stinky JS from an external source.

    Friday, November 5, 2010 1:59 PM
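
Added example (not part of the thread and not code from either poster): one way to do the server-side validation the reply above calls for once ValidateRequest="false" is set, by HTML-encoding the whole submitted value and then restoring only a small allow-list of attribute-free formatting tags. The names RichTextFilter, Sanitize and AllowedTags, the chosen tag set and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility.HtmlEncode

// Hypothetical helper: allow-list filter for rich-text input posted to a page
// that runs with ValidateRequest="false".
public static class RichTextFilter
{
    // Assumed set of harmless formatting tags; adjust to what the editor emits.
    private static readonly string[] AllowedTags = { "b", "i", "u", "p", "br" };

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;

        // 1. Encode everything, so every tag and attribute becomes inert text.
        string encoded = HttpUtility.HtmlEncode(input);

        // 2. Restore only exact, attribute-free forms of the allowed tags
        //    (<b>, </b>, <br>, <br />). Anything carrying attributes, and
        //    every other element, stays encoded.
        foreach (string tag in AllowedTags)
        {
            string pattern = @"&lt;(/?)" + tag + @"\s*(/?)&gt;";
            encoded = Regex.Replace(encoded, pattern,
                "<${1}" + tag + "${2}>", RegexOptions.IgnoreCase);
        }
        return encoded;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs, not taken from the thread.
        string[] samples =
        {
            "Reset your settings<br>Thanks",                  // plain formatting survives
            "<b onmouseover=\"x()\">hover</b>",               // opening tag has an attribute: stays encoded
            "<script src=\"//example.invalid/x.js\"></script>", // not on the allow-list: stays encoded
            "literal &lt;b&gt; typed by the user"             // already-encoded text is not re-enabled
        };
        foreach (string s in samples)
            Console.WriteLine(RichTextFilter.Sanitize(s));
    }
}
```

Store or render only the value returned by Sanitize, and apply it to every input on the page, since ValidateRequest="false" turns the built-in check off for all of them.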
  • User-796050626 posted

    That is correct.

    I added the line and it's all working now. However, the next issue I have is that it does not insert it into my database for some reason.

    In the table the text type is "Text"

    This is my code for inserting: <FTB:FreeTextBox ID="FTB1" runat="server" Height="100px" Text='<%# Bind("information") %>'
                                 Width="548px" /> (I basically just copied my existing text box and just changed the beginning asp: tag)

    The SQL DS is working, as I have a text box that inserts into the same field and that does not have a problem. Am I using the wrong property for this? I mean, ideally I just want something simple like this reply-to-message text box on this forum.

    Friday, November 5, 2010 2:27 PM