Many of you might have come across this issue before.

I've got a user control with AjaxToolkit UpdatePanel, asp Panels and GridView controls. The user control is inside a web page with AjaxToolkit ScriptManager. The control has text input controls and buttons in every row of the grid. Each button causes an Ajax postback.

The page is part of an old application using .NET which I am fixing some bugs on. One particular bug happens when users type in HTML special characters (e.g. <, &, >) and press a button, which results in the well-known server error "A potentially dangerous character...".

My requirement is to encode all user input data BEFORE the Ajax postback takes place so as to avoid the above server error. So I have written some jQuery functions that encode values of all text input elements on the page and then set them back to those encoded values.

I know that setting the page attribute "ValidateRequest" to false will solve this issue but that's not an option for me.

I have tried the following:

  • Used asp CustomValidator to validate input data. I enabled client script in it and defined a JavaScript function to encode data and returned true at the end. When I press a button to post back the data, the custom validator kicks in and calls the JavaScript function. But after the function exits the server postback does not happen unless I click on the button again, i.e. I have to click the button TWICE for a postback to occur!

  • Used add_initializeRequest and add_beginRequest of the Sys.WebForms object to intercept the Ajax postback and do the encoding then. In this case these events are called and the data is encoded but if I input some of those special chars and post the page I get the following error:

"Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500"

This error proves the original special chars still exist in the data posted to the server and encoding it in those events does not make any difference.

Any help is gratefully appreciated.

Aristos
seemorgh
  • First you need to show the real error message. See this answer http://stackoverflow.com/questions/5385714/deploying-website-500-internal-server-error/5385884#5385884 – Aristos Jan 07 '15 at 18:26
  • and check if this is your issue here: http://stackoverflow.com/questions/10717703/a-potentially-dangerous-request-form-value-was-detected-from-the-client/10721007#10721007 – Aristos Jan 07 '15 at 18:29
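
The encoding step the question describes, as an added example (not part of the original post or its comments): named-entity encoding applied once per field, with a check that approximates what request validation rejects. `looksDangerous`, `encodeValue`, `decodeValue` and `encodeFields` are hypothetical names, the field objects are constructed stand-ins for text inputs, and the validation rule is an assumption about the framework's behaviour.

```javascript
// Added example; all function names here are hypothetical.

// Assumption: request validation rejects "<" followed by a letter, "!", "/"
// or "?", and "&" followed by "#". This is an approximation for testing only.
function looksDangerous(s) {
  return /<[a-z!\/?]|&#/i.test(s);
}

const ENTITY = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
const CHAR = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"' };

// Encode with named entities only, "&" included, so decoding is unambiguous.
function encodeValue(s) {
  return s.replace(/[&<>"]/g, (c) => ENTITY[c]);
}

// Mirror of what the server side has to do: a single pass, so that
// "&amp;lt;" decodes to the literal text "&lt;" and not to "<".
function decodeValue(s) {
  return s.replace(/&(?:amp|lt|gt|quot);/g, (m) => CHAR[m]);
}

// Encode each text field exactly once. The flag prevents double encoding
// when the handler fires more than once for the same submit.
// Returns the number of fields whose value changed.
function encodeFields(fields) {
  let changed = 0;
  for (const f of fields) {
    if (f.type !== "text" || f.encoded) continue;
    const enc = encodeValue(f.value);
    if (enc !== f.value) changed++;
    f.value = enc;
    f.encoded = true;
  }
  return changed;
}

// Constructed sample: plain objects standing in for the grid's inputs.
const sampleFields = [
  { type: "text", value: "<b>Tom & Jerry</b>" },
  { type: "text", value: "plain text" },
  { type: "hidden", value: "<untouched>" },
];
console.log(encodeFields(sampleFields), sampleFields.map((f) => f.value));
```

The server has to decode these values and still output-encode them when rendering. Numeric entities such as `&#60;` would still be rejected under the assumed rule, which is why the encoder uses named entities.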

0 Answers