EnableLoadOnDemand and broken request validation for other form fields

5 posts, 0 answers
  1. Michael
    Michael avatar
    8 posts
    Member since:
    Jan 2009

    Posted 12 Jun 2014 Link to this post

    Hi guys,

    In a very simplistic overview, we've got a form which includes a couple of textbox fields and a combobox, which in basic terms are used for the following purposes:

    The textbox fields are used for entering HTML script, which is escaped/encoded before any postback - it is then decoded server-side.
    The Combobox makes use of EnableLoadOnDemand and MarkFirstMatch to perform a lookup

    Everything seems to work perfectly when first open a blank form, populate, and save. The problem comes when editing previously saved data; the textbox fields on the form get populated with HTML as expected (the same escaping/encoding script will be used before any update gets saved) - but when the Combobox causes any postback it seems to hold the original HTML data which was populated at form load - causing a "500" error behind the scenes because "potentially dangerous Request.Form"

    We've tried calling every clientEvent (and even wrapping the combobox with a DIV which has a mouse-over etc) to encode the fields appropriately, or even simply clear the form all together... but it seems that no matter what we do the original HTML gets sent back as part of the combobox ajax (assuming part of the original viewstate).

    We have tried plugging into every postback handler we could find, the telerik ajaxmanager onRequestStart, and even the form.onsubmit - but as none of the form changes make it into the returned postback content, nothing we do seems to have any effect.

    Please let us know if there's anything we can do to fix this.

  2. Shinu
    Shinu avatar
    17764 posts
    Member since:
    Mar 2007

    Posted 16 Jun 2014 in reply to Michael Link to this post

    Hi Michael,

    The Reason behind this error is that .Net detected one HTML statement as the text of the TextBox. So in order to avoid this error you have to disable the request validation on that page. To disable request validation on a page please try to set the ValidateRequest attribute of the Page directive to false as follows.

    <%@ Page validateRequest="false" %>

    For .Net 4, please try to add requestValidationMode="2.0"  in the httpRuntime configuration section of the web.config as follows.

    <httpRuntime requestValidationMode="2.0"/>

    Please provide your full code if it doesn't help.
  3. DevCraft R3 2016 release webinar banner
  4. Michael
    Michael avatar
    8 posts
    Member since:
    Jan 2009

    Posted 16 Jun 2014 in reply to Shinu Link to this post

    Hi Shinu,

    Thanks for the reply, although simply disabling the validation isnt really a possible solution.

    We have already put in place a method of handling the postback content of the form correctly, a javascript function which escapes the illegal characters and works perfectly for all of the form content. We are simply struggling to find a way to run this client script at the point of the Combobox attempting to refresh the data.

    We have called this client function from every "OnClient..." event of the combobox, and although this reacts correctly changing the visible content of the form, the actual content that gets posted back still has the original content which causes the error.

    If there was a way to commit the form changes to the Combobox before it tries to load the new data, I imagine that would resolve our issue.

  5. Nencho
    Nencho avatar
    1446 posts

    Posted 17 Jun 2014 Link to this post

    Hello Michael,

    Thank you for the detailed information. Since we were unable to replicate locally the described issue base on the provided information, I would like to ask you to submit a support ticket and attache a runnable sample, demonstrating the encountered problem at your end(along with the function, which escapes the illegal characters). In addition, specify the exact version of our controls that you are currently using.


    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

  6. Michael
    Michael avatar
    8 posts
    Member since:
    Jan 2009

    Posted 17 Jun 2014 in reply to Nencho Link to this post

    Thanks for that Nencho,

    I have raised a support ticket and created a runnable project which behaves in the same way.

    I have linked to this forum page from within the support ticket, so look forward to hearing back.

Back to Top
DevCraft R3 2016 release webinar banner