Solved

ValidateInput in Razor c#

Posted on 2014-01-08
2
576 Views
Last Modified: 2014-01-09
I'm having trouble with form validation on my .Net project. I'm new to .NET (formerly using ASP) and I have a simple form with a few standard fields that I want to submit. I'm using TinyMCE on the single Text field, and when I submit I get this error:

A potentially dangerous Request.Form value was detected from the client (Text="<p>test text</p>").

I'm coding with Webmatrix which puts the site under .NET 4.0, and I've subsequently updated the web.config with:

<httpRuntime requestValidationMode="2.0"/>

Open in new window


However, I don't know how to implement the ValidateInput="False" code, as the compiler tells me it's not defined. Can anyone help? Full code for the page below, it'd be really helpful if someone could edit it accordingly with a short explanation so that I understand it.

Thanks :)

@{
    var db= Database.Open("cms12");
    [ValidateInput(false)]
    Layout = "~/_Standard.cshtml"; 

    Page.Title = "Etharius CMS";

    if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/Default");
    }
        
    var Section ="";
    var Title ="";
    var Region ="";
    var Image ="";
    var Text ="";

    var ErrorMessage = "";
    var regions = db.Query("SELECT * FROM RegionArea ORDER BY ID");

    // If this is a POST request, validate and process data
    if (IsPost)
    {
    // Initialize page
      Section = Request.Form["Section"];
      Title = Request.Form["Title"];
      Region = Request.Cookies["region"].Value;
      Image = Request.Form["Image"];
      Text = Request.Form["Text"];

      //if (Owner.IsEmpty() || Owner.IsEmpty()) 
      //{ErrorMessage = "You must specify a Company Name";}

      // If all information is valid, submit
      
      if (ErrorMessage=="")
        { 

        var SQLINSERT = "INSERT INTO Pages (Section, Title, Region, Image, Text) VALUES (@0, @1, @2, @3, @4)";
        db.Execute(SQLINSERT, Section, Title, Region, Image, Text);

        // Confirm successful submission via the update page
        Response.Redirect("Menu-Region?status=updated");
        }
    }
    }

@section mainbody {
      @RenderPage("includes/_Textbox.cshtml")

    <div class="container-white" id="container-white">
        <div class="container-sidemenu">
            <div class="sidemenu-top">Help Menu</div>
            <div class="sidemenu-content">
                @RenderPage("includes/_Menu.cshtml")            
            </div>
        </div>

        <div class="admin-top">Welcome to Etharius CMS 7.0 | Add Content Page</div>
            <div class="container-intro">
            
                <form method="post" action="">
                    <fieldset>
                        <legend>Add Content Page</legend>
                        
                        <ol>
                            <li>
                                <label>Section Name</label>
                                <input type="text" id="Section" name="Section" value="@Section" />
                            </li>
                            <li>
                                <label>Title</label>
                                <input type="text" id="Title" name="Title" value="@Title" />
                            </li>
                            <li>
                                <label>Region</label>
                                @RenderPage("~/_GetRegion.cshtml")                                   
                            </li>
                        </ol>
                        <ol>
                            <li>
                                <label>Image</label>
                                <input type="text" id="Image" name="Image" value="@Image" />
                            </li>
                        </ol>
                        
                        <div class="textlabel"><label>Text:</label></div>    
                        <div class="textbox">
                            <textarea id="Text" name="Text">@Text</textarea>
                        </div>    
                        <div class="clear"></div>                            

                        <p><input type="submit" value="Submit" /></p>

                    </fieldset>
                </form>

            </div>
    </div>

Open in new window

0
Comment
Question by:RossLiversidge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
RossLiversidge earned 0 total points
ID: 39768610
Figured it out myself, just took a bit of reading. For the record, the only change required was:

Text = Request.Unvalidated().Form["Text"];

Open in new window


Simple when you know how eh?
0
 

Author Closing Comment

by:RossLiversidge
ID: 39768612
Fixes the issue perfectly, helpful for people using Webmatrix as the sample sites use this form structure.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since I am currently running into this issue right now as I type this, I though I would share my experiences with moving a ModX Revolution site from one server to another.  It is not an easy task, but can be accomplished rather easily. The first …
Knowledge base software has turned out to be a quite reliable method for storing information, promoting collaborative work and for sharing valuable input and solutions.However, some organizations are trying to develop a knowledge base that works wit…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question