Request validation in ASP.NET 4.5 RC in Umbraco
-
22-06-2021 - |
Pergunta
I have a textbox in my ASP.NET 4.5 RC WebForms app which needs to accept potentially HTML.
I have researched this and have done the following to allow this to happen: In web.config I have set requestValidationMode and validateRequest appropriately.
<httpRuntime requestValidationMode="2.0" enableVersionHeader="false"/>
<pages enableEventValidation="false" validateRequest="false">
On the control itself I have added the attribute ValidateRequestMode="Disabled"
<asp:TextBox ID="txtBio" runat="server" TextMode="MultiLine" Height="100" Width="300" ValidateRequestMode="Disabled" />
However, still I get the error:
A potentially dangerous Request.Form value was detected from the client
Does anyone have any other ideas for what else I could try? I'm thinking it's a bug in the ASP.NET 4.5 RC web stack, but I'm probably wrong. It feels that way though as I'm literally out of ideas. Seems like I have flicked every switch now.
Plus, I would prefer to leave requestValidation on for everywhere except this item, however, if I can just turn it off at all, it would be a good start.
Many thanks
Solução
Try adding validateRequest="false"
in the properties at the top of the page like this:
%@ Page Language="C#" AutoEventWireup="true" CodeBehind="page.aspx.cs" validateRequest="false" Inherits="Project.UI.page" %>
But be careful to check html for any malicious scripts that users may add when validation is off.
UPDATE: Try adding this to your user control codebehind.
protected void Page_Init(object sender, EventArgs e)
{
try
{
((umbraco.UmbracoDefault)this.Page).ValidateRequest = false;
}
catch { }
}