Solved

ValidateInput in Razor c#

Posted on 2014-01-08
2
573 Views
Last Modified: 2014-01-09
I'm having trouble with form validation on my .Net project. I'm new to .NET (formerly using ASP) and I have a simple form with a few standard fields that I want to submit. I'm using TinyMCE on the single Text field, and when I submit I get this error:

A potentially dangerous Request.Form value was detected from the client (Text="<p>test text</p>").

I'm coding with Webmatrix which puts the site under .NET 4.0, and I've subsequently updated the web.config with:

<httpRuntime requestValidationMode="2.0"/>

Open in new window


However, I don't know how to implement the ValidateInput="False" code, as the compiler tells me it's not defined. Can anyone help? Full code for the page below, it'd be really helpful if someone could edit it accordingly with a short explanation so that I understand it.

Thanks :)

@{
    var db= Database.Open("cms12");
    [ValidateInput(false)]
    Layout = "~/_Standard.cshtml"; 

    Page.Title = "Etharius CMS";

    if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/Default");
    }
        
    var Section ="";
    var Title ="";
    var Region ="";
    var Image ="";
    var Text ="";

    var ErrorMessage = "";
    var regions = db.Query("SELECT * FROM RegionArea ORDER BY ID");

    // If this is a POST request, validate and process data
    if (IsPost)
    {
    // Initialize page
      Section = Request.Form["Section"];
      Title = Request.Form["Title"];
      Region = Request.Cookies["region"].Value;
      Image = Request.Form["Image"];
      Text = Request.Form["Text"];

      //if (Owner.IsEmpty() || Owner.IsEmpty()) 
      //{ErrorMessage = "You must specify a Company Name";}

      // If all information is valid, submit
      
      if (ErrorMessage=="")
        { 

        var SQLINSERT = "INSERT INTO Pages (Section, Title, Region, Image, Text) VALUES (@0, @1, @2, @3, @4)";
        db.Execute(SQLINSERT, Section, Title, Region, Image, Text);

        // Confirm successful submission via the update page
        Response.Redirect("Menu-Region?status=updated");
        }
    }
    }

@section mainbody {
      @RenderPage("includes/_Textbox.cshtml")

    <div class="container-white" id="container-white">
        <div class="container-sidemenu">
            <div class="sidemenu-top">Help Menu</div>
            <div class="sidemenu-content">
                @RenderPage("includes/_Menu.cshtml")            
            </div>
        </div>

        <div class="admin-top">Welcome to Etharius CMS 7.0 | Add Content Page</div>
            <div class="container-intro">
            
                <form method="post" action="">
                    <fieldset>
                        <legend>Add Content Page</legend>
                        
                        <ol>
                            <li>
                                <label>Section Name</label>
                                <input type="text" id="Section" name="Section" value="@Section" />
                            </li>
                            <li>
                                <label>Title</label>
                                <input type="text" id="Title" name="Title" value="@Title" />
                            </li>
                            <li>
                                <label>Region</label>
                                @RenderPage("~/_GetRegion.cshtml")                                   
                            </li>
                        </ol>
                        <ol>
                            <li>
                                <label>Image</label>
                                <input type="text" id="Image" name="Image" value="@Image" />
                            </li>
                        </ol>
                        
                        <div class="textlabel"><label>Text:</label></div>    
                        <div class="textbox">
                            <textarea id="Text" name="Text">@Text</textarea>
                        </div>    
                        <div class="clear"></div>                            

                        <p><input type="submit" value="Submit" /></p>

                    </fieldset>
                </form>

            </div>
    </div>

Open in new window

0
Comment
Question by:RossLiversidge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
RossLiversidge earned 0 total points
ID: 39768610
Figured it out myself, just took a bit of reading. For the record, the only change required was:

Text = Request.Unvalidated().Form["Text"];

Open in new window


Simple when you know how eh?
0
 

Author Closing Comment

by:RossLiversidge
ID: 39768612
Fixes the issue perfectly, helpful for people using Webmatrix as the sample sites use this form structure.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question