RichTextBox Inserting Issue

Question

User-796050626 posted

Hi there i am adding a FreeTextBox to our asp.net c# intranet application and when i add it inside a form view for insterting, click the insert button and get this error

A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").

Source Error:

[No relevant source lines]

Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs    Line: 0

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00_Main_Content_frmview_job_line_FTB1="...r settings<br>").] System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +11068331 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +71 System.Web.HttpRequest.get_Form() +178 System.Web.HttpRequest.get_HasForm() +11068567 System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +124 System.Web.UI.Page.DeterminePostBackMode() +83 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034743 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11034282 System.Web.UI.Page.ProcessRequest() +91 System.Web.UI.Page.ProcessRequest(HttpContext context) +240 ASP.support_openticket_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\77136763\1e7793cf\App_Web_vqbgmuck.0.cs:0 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

</pages>

Can any please help me with this?

Answer 1

User-2076991548 posted

this happens because the server thinks someone is trying to inject some stinky harmful piece of code into your app (db)

add in your <@page section this: ValidateRequest="false"

But be careful... cause other textboxes in the page will be allowed to submit html as well. Make sure you properly validate this in the server.

Small notice: If users are allowed to inject html into your db, then when you show that html in the broswer it can be written in a way that screwed your layour and from there do whatever else, like loading stinky js from an external source

Answer 2

User-796050626 posted

That is correct.

i added the line and its all working now. However the next issue i have is that it does not insert it into my database for some reason.

In the table the text type is "Text"

This is my code for inserting <FTB:FreeTextBox ID="FTB1" runat="server" Height="100px" Text='<%# Bind("information") %>'
                             Width="548px" /> (i basically just copied my existing text box and just changed the beginning asp: tag)

The SQL DS is working as i have a text box that inserts into the same field and that does not have a problem, am i using the wrong property for this? I mean ideally i just want something simple like this reply to message text box on this forum