?
Solved

ValidateInput in Razor c#

Posted on 2014-01-08
2
Medium Priority
?
589 Views
Last Modified: 2014-01-09
I'm having trouble with form validation on my .Net project. I'm new to .NET (formerly using ASP) and I have a simple form with a few standard fields that I want to submit. I'm using TinyMCE on the single Text field, and when I submit I get this error:

A potentially dangerous Request.Form value was detected from the client (Text="<p>test text</p>").

I'm coding with Webmatrix which puts the site under .NET 4.0, and I've subsequently updated the web.config with:

<httpRuntime requestValidationMode="2.0"/>

Open in new window


However, I don't know how to implement the ValidateInput="False" code, as the compiler tells me it's not defined. Can anyone help? Full code for the page below, it'd be really helpful if someone could edit it accordingly with a short explanation so that I understand it.

Thanks :)

@{
    var db= Database.Open("cms12");
    [ValidateInput(false)]
    Layout = "~/_Standard.cshtml"; 

    Page.Title = "Etharius CMS";

    if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/Default");
    }
        
    var Section ="";
    var Title ="";
    var Region ="";
    var Image ="";
    var Text ="";

    var ErrorMessage = "";
    var regions = db.Query("SELECT * FROM RegionArea ORDER BY ID");

    // If this is a POST request, validate and process data
    if (IsPost)
    {
    // Initialize page
      Section = Request.Form["Section"];
      Title = Request.Form["Title"];
      Region = Request.Cookies["region"].Value;
      Image = Request.Form["Image"];
      Text = Request.Form["Text"];

      //if (Owner.IsEmpty() || Owner.IsEmpty()) 
      //{ErrorMessage = "You must specify a Company Name";}

      // If all information is valid, submit
      
      if (ErrorMessage=="")
        { 

        var SQLINSERT = "INSERT INTO Pages (Section, Title, Region, Image, Text) VALUES (@0, @1, @2, @3, @4)";
        db.Execute(SQLINSERT, Section, Title, Region, Image, Text);

        // Confirm successful submission via the update page
        Response.Redirect("Menu-Region?status=updated");
        }
    }
    }

@section mainbody {
      @RenderPage("includes/_Textbox.cshtml")

    <div class="container-white" id="container-white">
        <div class="container-sidemenu">
            <div class="sidemenu-top">Help Menu</div>
            <div class="sidemenu-content">
                @RenderPage("includes/_Menu.cshtml")            
            </div>
        </div>

        <div class="admin-top">Welcome to Etharius CMS 7.0 | Add Content Page</div>
            <div class="container-intro">
            
                <form method="post" action="">
                    <fieldset>
                        <legend>Add Content Page</legend>
                        
                        <ol>
                            <li>
                                <label>Section Name</label>
                                <input type="text" id="Section" name="Section" value="@Section" />
                            </li>
                            <li>
                                <label>Title</label>
                                <input type="text" id="Title" name="Title" value="@Title" />
                            </li>
                            <li>
                                <label>Region</label>
                                @RenderPage("~/_GetRegion.cshtml")                                   
                            </li>
                        </ol>
                        <ol>
                            <li>
                                <label>Image</label>
                                <input type="text" id="Image" name="Image" value="@Image" />
                            </li>
                        </ol>
                        
                        <div class="textlabel"><label>Text:</label></div>    
                        <div class="textbox">
                            <textarea id="Text" name="Text">@Text</textarea>
                        </div>    
                        <div class="clear"></div>                            

                        <p><input type="submit" value="Submit" /></p>

                    </fieldset>
                </form>

            </div>
    </div>

Open in new window

0
Comment
Question by:RossLiversidge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
RossLiversidge earned 0 total points
ID: 39768610
Figured it out myself, just took a bit of reading. For the record, the only change required was:

Text = Request.Unvalidated().Form["Text"];

Open in new window


Simple when you know how eh?
0
 

Author Closing Comment

by:RossLiversidge
ID: 39768612
Fixes the issue perfectly, helpful for people using Webmatrix as the sample sites use this form structure.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes relatively difficult and non-obvious issues that are likely to arise when creating COM class in Visual Studio and deploying it by professional MSI-authoring tools. It is assumed that the reader is already familiar with the cla…
This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question