• Forums
  • Bug Reports
  • Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
6/9/2010 12:16:35 AM
kpejet
Gravatar
Total Posts 2
View Posts

Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

Hi I'm fairly new to the mojo and have no major issue up until last night where i upgraded to 2.3.4.4.

I'm running on XP pro with MSSQL 2008 express.

Everythig seems to work well as is but when i attempt to use the Editors (i've tried Tiny and FCK both generate the same error) i get a "Potentially dangerous Request.Form value was detected..."

Any thoughts? I did read this topic but it didnt seem to fix anything:
http://www.mojoportal.com/Forums/Thread.aspx?pageid=5&mid=34&ItemID=9&thread=838&postid=3627  
I'm a sys admin by trade not a dev. Web.config are known to me but i dont usually modify them, maybe i m not do something right?

Here is the attempt to add just the words TEST to a HTML section of the mojo site-->

Server Error in '/mojoportal' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
System.Web.HttpRequest.get_Form() +114
System.Web.HttpRequest.get_HasForm() +8896047
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
System.Web.UI.Page.ProcessRequest() +78
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.htmledit_aspx.ProcessRequest(HttpContext context) +4
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

<------------------------END OF ERROR!!

After using option 2 as mentioned i get this:

Server Error in '/mojoportal' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").

Source Error:


[No relevant source lines]
 

Source File: c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\mojoportal\a07d3605\c6ae350d\App_Web_h4r2m0oh.3.cs Line: 0

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>TEST</p>").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
System.Web.HttpRequest.get_Form() +114
System.Web.HttpRequest.get_HasForm() +8896047
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
System.Web.UI.Page.ProcessRequest() +78
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.htmledit_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\mojoportal\a07d3605\c6ae350d\App_Web_h4r2m0oh.3.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

<--------------------END OF ERROR!!

 

Please help!

6/9/2010 6:01:49 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

Make sure you use the new Web.config file that was included with mojoPortal, don't try to keep the old one, move any customizations from the old one to the new one.

Hope it helps,

Joe

6/9/2010 10:09:12 AM
kpejet
Gravatar
Total Posts 2
View Posts

Re: Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

I knew i kept that original for something. Thanks for the quick reply!

3/28/2011 5:02:14 AM
misiak
Gravatar
Total Posts 4
View Posts

Re: Edit HTML content - "Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form..."

i have the same problem but i have only one file web.config. Where i can find old copy...?

You must sign in to post in the forums. This thread is closed to new posts.