Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Problem with Editor

Posted on 2014-07-19
4
452 Views
Last Modified: 2014-07-22
Hi,

Using these

    <script type="text/javascript" src="<%= ResolveUrl("~/content/javascript/ckeditor/ckeditor.js") %>"></script>
    <script type="text/javascript" src="<%= ResolveUrl("~/content/javascript/ckeditor/adapters/jquery.js") %>"></script>
    <textarea id="ta1" name="MyEA" runat="server" ></textarea>
    <script type="text/javascript">
        CKEDITOR.replace('<%=ta1.ClientID.Replace("_","$") %>', { toolbar: 'Mybar' });
    </script>
    ...
cmd.Parameters.Add("@ite_desc", SqlDbType.NVarChar).Value = ta1.InnerHtml;
...

Open in new window

I get this error

Server Error in '/App7' Application.

A potentially dangerous Request.Form value was detected from the client (ta1="<p>I want to rent th...").

Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ta1="<p>I want to rent th...").

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ta1="<p>I want to rent th...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12689689
   System.Web.HttpValueCollection.GetValues(Int32 index) +109
   System.Collections.Specialized.NameValueCollection.Add(NameValueCollection c) +116
   System.Web.HttpRequest.FillInParamsCollection() +67
   System.Web.HttpRequest.GetParams() +106
   AjaxControlToolkit.ToolkitScriptManager.OutputCombinedScriptFile(HttpContext context) +206
   AjaxControlToolkit.ToolkitScriptManager.OnInit(EventArgs e) +70
   System.Web.UI.Control.InitRecursive(Control namingContainer) +186
   System.Web.UI.Control.InitRecursive(Control namingContainer) +314
   System.Web.UI.Control.InitRecursive(Control namingContainer) +314
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12659043
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12658553
   System.Web.UI.Page.ProcessRequest() +119
   System.Web.UI.Page.ProcessRequest(HttpContext context) +99
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18446

Open in new window

when saving the record. why?
0
Comment
Question by:HuaMinChen
  • 3
4 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40206756
@ite_desc I think this might be the problem, but if you want to disable security validation on the page or globally (dangerous) follow the steps @ http://msdn.microsoft.com/en-us/library/hh882339.aspx
0
 
LVL 2

Accepted Solution

by:
c l earned 215 total points
ID: 40209161
try putting the following in your web.config file

<httpRuntime requestValidationMode="2.0" />

just make sure you check your data before saving anything to your database!
0
 
LVL 2

Expert Comment

by:c l
ID: 40209162
doh! beat me to it Dave :)
0
 
LVL 2

Expert Comment

by:c l
ID: 40211762
this probably should have been split between Dave and myself, no?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TimeZone, day light savings, Sql server, asp.net 6 37
Vb.net threads keep increasing 2 35
Ajax and PHP 4 29
Ajax and PHP 9 29
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question