8

I have aspx in that I am calling a ascx user control in that i am using tinymce editor. When I am trying to save data i am getting the error..

A potentially dangerous Request.Form value was detected from the client (UserControl1$TextBox1="

fgh

fghj

I already check A potentially dangerous Request.Form value was detected from the client

I tried:

web.config I set

<pages validateRequest="false">
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
<compilation debug="true" targetFramework="4.0">
<@page validateRequest="false">
Server.HtmlEncode(TextBox1.Text)
encoding: "xml" // This is solving the prob. but Text is converting in HTML tag I don't want that

Please someone help me...

Community
  • 1
  • 1
Rocky
  • 4,454
  • 14
  • 64
  • 119

3 Answers3

5

You can also try adding the encoding attribute : encoding: 'xml' 

<script>
    tinymce.init({
    selector: 'textarea',
    encoding: 'xml' 
}); 
</script>

You can check this link, it says :

encoding: “xml”

– solves “A potentially dangerous Request.Form value was detected”, which won’t allow you to submit the Web Form

Mehdi Souregi
  • 3,153
  • 5
  • 36
  • 53
3

Add this to httpRuntime

< httpRuntime requestValidationMode="2.0"  />
erikkallen
  • 33,800
  • 13
  • 85
  • 120
Michael Samteladze
  • 1,310
  • 15
  • 38
  • 6
    HttpRuntimeSection.RequestValidation looks like a backwards compatibility feature to me. Using [AllowHtml] on individual fields seems better – Chris F Carroll Oct 23 '15 at 08:47
0

Any reason why you can't encode the string and store in your database and then just before displaying the encoded string you can simply decode it ?

Bobby
  • 1,594
  • 13
  • 20
  • for the first time I am able to save the data when i am using encoding: "xml", but again when i am unloading the data and trying to save same error is coming, I am storing the textbox text in a viewstate and assigning to hashtable also – Rocky Feb 24 '12 at 11:52
  • 1
    Why are you using xml encoding can you not just use Server.HtmlEncode(TextBox1.Text) not in web.config but in c# code behind where you pull the value just before saving. – Bobby Feb 24 '12 at 11:56
  • if i am not using the xml encoding the error is coming, and when i am clicking on btn click debug pointer is not going in that before that only error is showing – Rocky Feb 24 '12 at 12:00
  • will be really useful if you could post some more of your code and the outputs you are seeing. – Bobby Feb 24 '12 at 12:07