I'm inserting to database from a form and I was getting errors about dangerous content but maybe now I've turned off validation this will work, I'll give it a go
<p>We are awaiting news from Wessex as to whether the weather is going to effect this meeting as well.</p> <p>Watch this space for updates as sadly there is little racing going on at the moment which is a real shame after the team
efforts in the garage through the winter.</p>
tonyjoanes
Member
24 Points
37 Posts
Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 22, 2012 08:35 PM|LINK
When posting back a form I am getting the following message
A potentially dangerous Request.Form value was detected from the client (article="<p>'</p>").
The only thing is that its working with other characters. Has anyone seen this issue occur before, and know how to resolve it?
Mikesdotnett...
All-Star
154927 Points
19867 Posts
Moderator
MVP
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 22, 2012 08:54 PM|LINK
Use Request.Unvalidated() to access values that might contain HTML:
var article = Request.Unvalidated("article");Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
tonyjoanes
Member
24 Points
37 Posts
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 25, 2012 10:10 PM|LINK
I have now used
Request.Unvalidated("article");But when I decode the other side it outputs the actual html tags to the screen?Allowed the apostrophe through though :)Mikesdotnett...
All-Star
154927 Points
19867 Posts
Moderator
MVP
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 26, 2012 04:52 AM|LINK
If you want to display as HTML, use Html.Raw():
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
tonyjoanes
Member
24 Points
37 Posts
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 26, 2012 06:37 AM|LINK
This doesn't work for me. I'm encoding into the database and then decoding when I display it.
When collecting the data from a tiny mce control in having to request.invalidated to get it to work with special characters
Mikesdotnett...
All-Star
154927 Points
19867 Posts
Moderator
MVP
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 26, 2012 12:45 PM|LINK
Just store the HTML in the database. There is no need to encode and decode.
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
tonyjoanes
Member
24 Points
37 Posts
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 26, 2012 01:16 PM|LINK
I'm inserting to database from a form and I was getting errors about dangerous content but maybe now I've turned off validation this will work, I'll give it a go
tonyjoanes
Member
24 Points
37 Posts
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 26, 2012 08:20 PM|LINK
Okay
@Html.Raw("") isn't working. My text outputs with the html tags visible instread of rendering them.
Into the database is done this way
article = Request.Unvalidated("article");
... insert statements
and then rendered on the page like this
@Html.Raw(@row.Article)
Mikesdotnett...
All-Star
154927 Points
19867 Posts
Moderator
MVP
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
Apr 27, 2012 05:11 AM|LINK
Have you got a small sample of what is stored in the databse for one of these entries?
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter
tonyjoanes
Member
24 Points
37 Posts
Re: Postback with apostrophe throwing "A potentially dangerous Request.Form"
May 03, 2012 10:21 AM|LINK
This is some data that is in the database
<p>We are awaiting news from Wessex as to whether the weather is going to effect this meeting as well.</p> <p>Watch this space for updates as sadly there is little racing going on at the moment which is a real shame after the team efforts in the garage through the winter.</p>