• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 624
  • Last Modified:

ValidateInput in Razor c#

I'm having trouble with form validation on my .Net project. I'm new to .NET (formerly using ASP) and I have a simple form with a few standard fields that I want to submit. I'm using TinyMCE on the single Text field, and when I submit I get this error:

A potentially dangerous Request.Form value was detected from the client (Text="<p>test text</p>").

I'm coding with Webmatrix which puts the site under .NET 4.0, and I've subsequently updated the web.config with:

<httpRuntime requestValidationMode="2.0"/>

Open in new window


However, I don't know how to implement the ValidateInput="False" code, as the compiler tells me it's not defined. Can anyone help? Full code for the page below, it'd be really helpful if someone could edit it accordingly with a short explanation so that I understand it.

Thanks :)

@{
    var db= Database.Open("cms12");
    [ValidateInput(false)]
    Layout = "~/_Standard.cshtml"; 

    Page.Title = "Etharius CMS";

    if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/Default");
    }
        
    var Section ="";
    var Title ="";
    var Region ="";
    var Image ="";
    var Text ="";

    var ErrorMessage = "";
    var regions = db.Query("SELECT * FROM RegionArea ORDER BY ID");

    // If this is a POST request, validate and process data
    if (IsPost)
    {
    // Initialize page
      Section = Request.Form["Section"];
      Title = Request.Form["Title"];
      Region = Request.Cookies["region"].Value;
      Image = Request.Form["Image"];
      Text = Request.Form["Text"];

      //if (Owner.IsEmpty() || Owner.IsEmpty()) 
      //{ErrorMessage = "You must specify a Company Name";}

      // If all information is valid, submit
      
      if (ErrorMessage=="")
        { 

        var SQLINSERT = "INSERT INTO Pages (Section, Title, Region, Image, Text) VALUES (@0, @1, @2, @3, @4)";
        db.Execute(SQLINSERT, Section, Title, Region, Image, Text);

        // Confirm successful submission via the update page
        Response.Redirect("Menu-Region?status=updated");
        }
    }
    }

@section mainbody {
      @RenderPage("includes/_Textbox.cshtml")

    <div class="container-white" id="container-white">
        <div class="container-sidemenu">
            <div class="sidemenu-top">Help Menu</div>
            <div class="sidemenu-content">
                @RenderPage("includes/_Menu.cshtml")            
            </div>
        </div>

        <div class="admin-top">Welcome to Etharius CMS 7.0 | Add Content Page</div>
            <div class="container-intro">
            
                <form method="post" action="">
                    <fieldset>
                        <legend>Add Content Page</legend>
                        
                        <ol>
                            <li>
                                <label>Section Name</label>
                                <input type="text" id="Section" name="Section" value="@Section" />
                            </li>
                            <li>
                                <label>Title</label>
                                <input type="text" id="Title" name="Title" value="@Title" />
                            </li>
                            <li>
                                <label>Region</label>
                                @RenderPage("~/_GetRegion.cshtml")                                   
                            </li>
                        </ol>
                        <ol>
                            <li>
                                <label>Image</label>
                                <input type="text" id="Image" name="Image" value="@Image" />
                            </li>
                        </ol>
                        
                        <div class="textlabel"><label>Text:</label></div>    
                        <div class="textbox">
                            <textarea id="Text" name="Text">@Text</textarea>
                        </div>    
                        <div class="clear"></div>                            

                        <p><input type="submit" value="Submit" /></p>

                    </fieldset>
                </form>

            </div>
    </div>

Open in new window

0
RossLiversidge
Asked:
RossLiversidge
  • 2
1 Solution
 
RossLiversidgeAuthor Commented:
Figured it out myself, just took a bit of reading. For the record, the only change required was:

Text = Request.Unvalidated().Form["Text"];

Open in new window


Simple when you know how eh?
0
 
RossLiversidgeAuthor Commented:
Fixes the issue perfectly, helpful for people using Webmatrix as the sample sites use this form structure.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now