Marked as answer by mycwcgr on Dec 14, 2006 12:41 PM
I'm trying to insert a record into a table, which I created a tableAdapter with an additional insert query. I then created a Object data source and a details view for the fields.
mycwcgr
Participant
1646 Points
924 Posts
How to save the value of FCKeditor to database?
Mar 06, 2006 12:42 AM|LINK
I use the FCKeditor control as my editor and I hope to save the content to a database, but when I click Button1 I get the following error. Why?
I guess it is because there is some script string included in FCKeditor1.Value and ASP.NET thinks it is dangerous. I don't know how to handle it now; could you help me?
A potentially dangerous Request.Form value was detected from the client (FCKeditor1="<p>This is a sample<...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (FCKeditor1="<p>This is a sample<...").
<%@ Page Language="C#" %>
<%@ Register Assembly="FredCK.FCKeditorV2" Namespace="FredCK.FCKeditorV2" TagPrefix="FCKeditorV2" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    protected void Button1_Click(object sender, EventArgs e)
    {
        string s = FCKeditor1.Value;
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <FCKeditorV2:FCKeditor ID="FCKeditor1" runat="server" BasePath="~/FCKeditor/">
        </FCKeditorV2:FCKeditor>
        <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />
    </div>
    </form>
</body>
</html>
StrongTypes
All-Star
30801 Points
6013 Posts
ASPInsiders
Re: How to save the value of FCKeditor to database?
Mar 06, 2006 01:08 AM|LINK
You'll need to add validateRequest=false to the page directive. By default, .NET will throw an exception if a value entered in a form field looks like a script block. You should use Server.HtmlEncode when storing the value in the database and Server.HtmlDecode when retrieving the value from the database. Also, I would use a regular expression on any other fields on the form to strip them of any code that resembles a script block.
HTH,
Ryan
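An added example, not part of the original posts and not FCKeditor's own code: once request validation is switched off for the page, the application itself decides which markup it accepts. One way is to encode the whole editor value, restore only an allow-list of attribute-free tags, and store the result with a parameterized insert. The `Articles` table, its `Body` column, the connection string and the tag list are assumptions.

```csharp
using System.Data.OleDb;
using System.Text;
using System.Web;

public static class EditorHtml
{
    // Attribute-free tags allowed to survive encoding (constructed allow-list).
    static readonly string[] AllowedTags =
        { "p", "br", "strong", "em", "u", "ul", "ol", "li", "blockquote" };

    // Encode everything, then restore only exact, lowercase, attribute-free
    // allowed tags. <script>, event-handler attributes, href/src and any
    // other markup stay encoded and render as inert text.
    public static string ToSafeHtml(string editorValue)
    {
        StringBuilder sb = new StringBuilder(HttpUtility.HtmlEncode(editorValue ?? ""));
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
            sb.Replace("&lt;" + tag + " /&gt;", "<" + tag + " />");
        }
        return sb.ToString();
    }

    // Parameterized insert: the markup is bound as a value and never
    // becomes part of the SQL text. Table and column names are hypothetical.
    public static void Save(string connectionString, string editorValue)
    {
        using (OleDbConnection conn = new OleDbConnection(connectionString))
        using (OleDbCommand cmd = new OleDbCommand(
            "INSERT INTO Articles (Body) VALUES (?)", conn))
        {
            cmd.Parameters.Add("@Body", OleDbType.LongVarWChar).Value =
                ToSafeHtml(editorValue);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}

// In the page whose @ Page directive sets ValidateRequest="false":
//   EditorHtml.Save(connStr, FCKeditor1.Value);
// For display, assign the stored value to a Literal's Text as it is. Passing
// it through Server.HtmlDecode first would turn the still-encoded parts
// (for example &lt;script&gt;) back into live markup.
```

Tags that carry attributes, such as links and images, stay encoded with this approach and show up as text; accepting them safely needs a real HTML sanitizer that validates each attribute value.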
mycwcgr
Participant
1646 Points
924 Posts
Re: How to save the value of FCKeditor to database?
Mar 14, 2006 02:24 AM|LINK
I use FCKeditor as an HTML editor and save the HTML document to a database. I hope to display the HTML document using a control, but when I use FCKeditor to display the HTML document, I find that the FCKeditor control has no ReadOnly property and the toolbar can't be hidden completely. I tried to use a TextBox control to display the HTML document, but only the HTML code can be displayed in a TextBox control!
StrongTypes
All-Star
30801 Points
6013 Posts
ASPInsiders
Re: How to save the value of FCKeditor to database?
Mar 14, 2006 04:20 AM|LINK
If you want to set the FCKeditor control to readonly so it just displays HTML formatted and doesn't allow editing, then it makes more sense to use a Label control. On the other hand, if this is for something like a chat application and you'd like a TextBox like area to display text, then I know how to do it with FreeTextBox. If you're willing to give FTB a try, I'll dig out the code.
HTH,
Ryan
jatinsprajap...
Member
7 Points
2 Posts
Re: How to save the value of FCKeditor to database?
Jul 07, 2006 04:54 AM|LINK
Hi,
You have to use a Literal control in ASP.NET to display the FCKeditor content on the page;
you can't display the data in a TextBox or Label.
Contact me on chat and I will show you in detail: jsp_3053@yahoo.co.in
Regards
supbapcai
Member
15 Points
3 Posts
Re: How to save the value of FCKeditor to database?
Dec 14, 2006 02:28 AM|LINK
There is a small problem if you insert/update the database by using a Parameter. Instead of using the DbType enum, you should use OleDbType to save FCK's value to the database.
I tried many times with DbType.String but always received the exception "Invalid character value for cast specification".
Anyone know why?
houshang.kar...
Member
55 Points
15 Posts
How to save the value of FCKeditor to database?
Jan 06, 2007 10:38 AM|LINK
Hello,
I use a DataGridView control for editing and saving from the FCKeditor control.
For display you must use this:
<asp:TemplateField HeaderText="caption" SortExpression="Text">
    <EditItemTemplate>
        <FCKeditorV2:FCKeditor EnableXHTML="true" Value='<%# Bind("Text") %>' BasePath="~/FCKeditor/" ID="FCKeditor3" runat="server">
        </FCKeditorV2:FCKeditor>
    </EditItemTemplate>
</asp:TemplateField>
For saving you use:
// Returns the editor HTML with the site's scheme-and-host prefix removed from URLs.
private string getCaptionText
{
    get
    {
        return ((UltimateEditor)(DetailsView1.Rows[1].Cells[1].Controls[1]))
            .EditorHtml.Replace(Request.Url.GetLeftPart(UriPartial.Authority), "");
    }
}
and replace it in the Insert command.
linux_nd
Member
92 Points
42 Posts
Re: How to save the value of FCKeditor to database?
Jan 23, 2007 01:46 PM|LINK
Can you tell me which page I should insert validateRequest=false in?
gsdtech
Participant
1227 Points
190 Posts
Re: How to save the value of FCKeditor to database?
Jan 25, 2007 10:19 PM|LINK
You should put it at the top of any page you use FTB or FCKeditor as follows:
sagreene
Member
2 Points
1 Post
Re: How to save the value of FCKeditor to database?
Feb 03, 2007 04:11 PM|LINK
Hi All,
I'm having this same problem.
I was getting the same editor to do with the dangerous code. I added the ValidateRequest and now I get: