Hi I get this error when i hit the submit button on a user login form because there is a repeater on the same page with is repeating html which is being posted back with the form content. apart from applying ValidateRequest="false" to the login usercontrol is there anything i can add around the repeater to stop this?
Asked
Active
Viewed 1,837 times
3 Answers
0
When you set ValidateRequest to false all kind of dangerous characters are accepted as parameters so you must make sure to properly HTML encode them if you intend to redisplay this user input.
Darin Dimitrov
- 1,023,142
- 271
- 3,287
- 2,928
0
If for some reason you can't HTML encode the text:
1) In the repeater, render the dangerous text inside HTML elements that don't get posted, like <p> or <span>.
2) If you absolutely must render the HTML inside <input> elements, disable those elements and so your page doesn't submit them.
Jeff Sternal
- 47,787
- 8
- 93
- 120
-
the repeater has repeated .net hiddenfields that are having their values read on itembound. firstly how do i 'disable' these elements, and secondly will it affect them being read on itembound? – phil crowe Nov 15 '10 at 16:07
-
@phil - aha. You can't disable hidden input fields. However, you should be able to take an alternative approach to whatever it is that you're doing. It should not ever be necessary to read anything from your .aspx during `OnItemDataBound` - could you elaborate on what you're doing there? (Perhaps in another question.) – Jeff Sternal Nov 15 '10 at 16:14
0
I answered how to allow this here: "<" in a text box in ASP.NET --> how to allow it? basically by escaping the HTML just before the post
