Solved

ValidateInput in Razor c#

Posted on 2014-01-08
2
568 Views
Last Modified: 2014-01-09
I'm having trouble with form validation on my .Net project. I'm new to .NET (formerly using ASP) and I have a simple form with a few standard fields that I want to submit. I'm using TinyMCE on the single Text field, and when I submit I get this error:

A potentially dangerous Request.Form value was detected from the client (Text="<p>test text</p>").

I'm coding with Webmatrix which puts the site under .NET 4.0, and I've subsequently updated the web.config with:

<httpRuntime requestValidationMode="2.0"/>

Open in new window


However, I don't know how to implement the ValidateInput="False" code, as the compiler tells me it's not defined. Can anyone help? Full code for the page below, it'd be really helpful if someone could edit it accordingly with a short explanation so that I understand it.

Thanks :)

@{
    var db= Database.Open("cms12");
    [ValidateInput(false)]
    Layout = "~/_Standard.cshtml"; 

    Page.Title = "Etharius CMS";

    if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/Default");
    }
        
    var Section ="";
    var Title ="";
    var Region ="";
    var Image ="";
    var Text ="";

    var ErrorMessage = "";
    var regions = db.Query("SELECT * FROM RegionArea ORDER BY ID");

    // If this is a POST request, validate and process data
    if (IsPost)
    {
    // Initialize page
      Section = Request.Form["Section"];
      Title = Request.Form["Title"];
      Region = Request.Cookies["region"].Value;
      Image = Request.Form["Image"];
      Text = Request.Form["Text"];

      //if (Owner.IsEmpty() || Owner.IsEmpty()) 
      //{ErrorMessage = "You must specify a Company Name";}

      // If all information is valid, submit
      
      if (ErrorMessage=="")
        { 

        var SQLINSERT = "INSERT INTO Pages (Section, Title, Region, Image, Text) VALUES (@0, @1, @2, @3, @4)";
        db.Execute(SQLINSERT, Section, Title, Region, Image, Text);

        // Confirm successful submission via the update page
        Response.Redirect("Menu-Region?status=updated");
        }
    }
    }

@section mainbody {
      @RenderPage("includes/_Textbox.cshtml")

    <div class="container-white" id="container-white">
        <div class="container-sidemenu">
            <div class="sidemenu-top">Help Menu</div>
            <div class="sidemenu-content">
                @RenderPage("includes/_Menu.cshtml")            
            </div>
        </div>

        <div class="admin-top">Welcome to Etharius CMS 7.0 | Add Content Page</div>
            <div class="container-intro">
            
                <form method="post" action="">
                    <fieldset>
                        <legend>Add Content Page</legend>
                        
                        <ol>
                            <li>
                                <label>Section Name</label>
                                <input type="text" id="Section" name="Section" value="@Section" />
                            </li>
                            <li>
                                <label>Title</label>
                                <input type="text" id="Title" name="Title" value="@Title" />
                            </li>
                            <li>
                                <label>Region</label>
                                @RenderPage("~/_GetRegion.cshtml")                                   
                            </li>
                        </ol>
                        <ol>
                            <li>
                                <label>Image</label>
                                <input type="text" id="Image" name="Image" value="@Image" />
                            </li>
                        </ol>
                        
                        <div class="textlabel"><label>Text:</label></div>    
                        <div class="textbox">
                            <textarea id="Text" name="Text">@Text</textarea>
                        </div>    
                        <div class="clear"></div>                            

                        <p><input type="submit" value="Submit" /></p>

                    </fieldset>
                </form>

            </div>
    </div>

Open in new window

0
Comment
Question by:RossLiversidge
  • 2
2 Comments
 

Accepted Solution

by:
RossLiversidge earned 0 total points
ID: 39768610
Figured it out myself, just took a bit of reading. For the record, the only change required was:

Text = Request.Unvalidated().Form["Text"];

Open in new window


Simple when you know how eh?
0
 

Author Closing Comment

by:RossLiversidge
ID: 39768612
Fixes the issue perfectly, helpful for people using Webmatrix as the sample sites use this form structure.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It seems a simple enough task, yet I see repeated questions asking how to do it: how to pass data between two forms. In this article, I will show you the different mechanisms available for you to do just that. This article is directed towards the .N…
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question