Hi guys,
In a very simplistic overview, we've got a form which includes a couple of textbox fields and a combobox, which in basic terms are used for the following purposes:
The textbox fields are used for entering HTML script, which is escaped/encoded before any postback - it is then decoded server-side.
The Combobox makes use of EnableLoadOnDemand and MarkFirstMatch to perform a lookup
Everything seems to work perfectly when first open a blank form, populate, and save. The problem comes when editing previously saved data; the textbox fields on the form get populated with HTML as expected (the same escaping/encoding script will be used before any update gets saved) - but when the Combobox causes any postback it seems to hold the original HTML data which was populated at form load - causing a "500" error behind the scenes because "potentially dangerous Request.Form"
We've tried calling every clientEvent (and even wrapping the combobox with a DIV which has a mouse-over etc) to encode the fields appropriately, or even simply clear the form all together... but it seems that no matter what we do the original HTML gets sent back as part of the combobox ajax (assuming part of the original viewstate).
We have tried plugging into every postback handler we could find, the telerik ajaxmanager onRequestStart, and even the form.onsubmit - but as none of the form changes make it into the returned postback content, nothing we do seems to have any effect.
Please let us know if there's anything we can do to fix this.
Cheers
In a very simplistic overview, we've got a form which includes a couple of textbox fields and a combobox, which in basic terms are used for the following purposes:
The textbox fields are used for entering HTML script, which is escaped/encoded before any postback - it is then decoded server-side.
The Combobox makes use of EnableLoadOnDemand and MarkFirstMatch to perform a lookup
Everything seems to work perfectly when first open a blank form, populate, and save. The problem comes when editing previously saved data; the textbox fields on the form get populated with HTML as expected (the same escaping/encoding script will be used before any update gets saved) - but when the Combobox causes any postback it seems to hold the original HTML data which was populated at form load - causing a "500" error behind the scenes because "potentially dangerous Request.Form"
We've tried calling every clientEvent (and even wrapping the combobox with a DIV which has a mouse-over etc) to encode the fields appropriately, or even simply clear the form all together... but it seems that no matter what we do the original HTML gets sent back as part of the combobox ajax (assuming part of the original viewstate).
We have tried plugging into every postback handler we could find, the telerik ajaxmanager onRequestStart, and even the form.onsubmit - but as none of the form changes make it into the returned postback content, nothing we do seems to have any effect.
Please let us know if there's anything we can do to fix this.
Cheers
4 Answers, 1 is accepted
0
Shinu
Top achievements
Rank 2
Rank 2
answered on 16 Jun 2014, 07:21 AM
Hi Michael,
The Reason behind this error is that .Net detected one HTML statement as the text of the TextBox. So in order to avoid this error you have to disable the request validation on that page. To disable request validation on a page please try to set the ValidateRequest attribute of the Page directive to false as follows.
For .Net 4, please try to add requestValidationMode="2.0" in the httpRuntime configuration section of the web.config as follows.
Please provide your full code if it doesn't help.
Thanks,
Shinu.
The Reason behind this error is that .Net detected one HTML statement as the text of the TextBox. So in order to avoid this error you have to disable the request validation on that page. To disable request validation on a page please try to set the ValidateRequest attribute of the Page directive to false as follows.
<%@ Page validateRequest="false" %>For .Net 4, please try to add requestValidationMode="2.0" in the httpRuntime configuration section of the web.config as follows.
<httpRuntime requestValidationMode="2.0"/>Please provide your full code if it doesn't help.
Thanks,
Shinu.
0
Michael
Top achievements
Rank 1
Rank 1
answered on 16 Jun 2014, 09:43 AM
Hi Shinu,
Thanks for the reply, although simply disabling the validation isnt really a possible solution.
We have already put in place a method of handling the postback content of the form correctly, a javascript function which escapes the illegal characters and works perfectly for all of the form content. We are simply struggling to find a way to run this client script at the point of the Combobox attempting to refresh the data.
We have called this client function from every "OnClient..." event of the combobox, and although this reacts correctly changing the visible content of the form, the actual content that gets posted back still has the original content which causes the error.
If there was a way to commit the form changes to the Combobox before it tries to load the new data, I imagine that would resolve our issue.
Cheers
Mike
Thanks for the reply, although simply disabling the validation isnt really a possible solution.
We have already put in place a method of handling the postback content of the form correctly, a javascript function which escapes the illegal characters and works perfectly for all of the form content. We are simply struggling to find a way to run this client script at the point of the Combobox attempting to refresh the data.
We have called this client function from every "OnClient..." event of the combobox, and although this reacts correctly changing the visible content of the form, the actual content that gets posted back still has the original content which causes the error.
If there was a way to commit the form changes to the Combobox before it tries to load the new data, I imagine that would resolve our issue.
Cheers
Mike
0
Hello Michael,
Thank you for the detailed information. Since we were unable to replicate locally the described issue base on the provided information, I would like to ask you to submit a support ticket and attache a runnable sample, demonstrating the encountered problem at your end(along with the function, which escapes the illegal characters). In addition, specify the exact version of our controls that you are currently using.
Regards,
Nencho
Telerik
Thank you for the detailed information. Since we were unable to replicate locally the described issue base on the provided information, I would like to ask you to submit a support ticket and attache a runnable sample, demonstrating the encountered problem at your end(along with the function, which escapes the illegal characters). In addition, specify the exact version of our controls that you are currently using.
Regards,
Nencho
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
0
Michael
Top achievements
Rank 1
Rank 1
answered on 17 Jun 2014, 12:51 PM
Thanks for that Nencho,
I have raised a support ticket and created a runnable project which behaves in the same way.
I have linked to this forum page from within the support ticket, so look forward to hearing back.
Cheers
Mike
I have raised a support ticket and created a runnable project which behaves in the same way.
I have linked to this forum page from within the support ticket, so look forward to hearing back.
Cheers
Mike