Potentially Dangerous Request in ASP.NET 4

6 posts, 0 answers
  1. Matthias Otto
    Matthias Otto avatar
    3 posts
    Member since:
    Mar 2010

    Posted 20 Mar 2010 Link to this post

    Hi,

    I am getting a popup with "Error 500: Potentially Dangerous Request" when trying to use RadSpell on multiple controls in ASP.NET 4. The error occurs the moment I click "Check Spell".

    Reproduction: Create a fresh ASP.NET 4 project (VB) and add the HTTPRequestHandler for RadScriptManager and RadSpell to the web.config through Telerik's SmartTags. Then add the RadScriptManager and RadSpell to your Default.aspx, create two basic text inputs and try hook up both (i.e. ControlsToCheck="TextBox1,TextBox2")

    Web.config (excerpt)
            <httpHandlers> 
                <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false"/> 
                <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false"/> 
                <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/> 
            </httpHandlers> 
            <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/></system.web> 
        <system.webServer> 
            <modules runAllManagedModulesForAllRequests="true"
            </modules> 
            <validation validateIntegratedModeConfiguration="false"/> 
            <handlers> 
                <add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler"/> 
                <add name="Telerik_Web_UI_SpellCheckHandler_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler"/> 
                <add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource"/> 
            </handlers> 
        </system.webServer> 


    Default.aspx
    <%@ Page Title="Home Page" Language="vb" MasterPageFile="~/Site.Master" AutoEventWireup="false" 
        CodeBehind="Default.aspx.vb" Inherits="RadSpellTest._Default" %> 
     
    <%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %> 
     
    <asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent"
    </asp:Content> 
    <asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent"
        <h2> 
            Welcome to ASP.NET! 
        </h2> 
         
         <telerik:RadScriptManager ID="RadScriptManager1" runat="server" /> 
     
         <input type="text" id="TextBox1" /> 
     
         <input type="text" ID="TextBox2" /> 
     
         <telerik:RadSpell ID="RadSpell1" Runat="server" ControlsToCheck="TextBox1,TextBox2" IsClientID="True" SupportedLanguages="en-US,English" /> 
     
    </asp:Content> 
     

    Attached you can find a screenshot of the error message.

    Note: It does work when TargetFramework of the project is set to 3.5 instead of 4.0 or if RadSpell is given only one ControlToCheck.

    Thanks for any help,
    Matt
  2. Matthias Otto
    Matthias Otto avatar
    3 posts
    Member since:
    Mar 2010

    Posted 20 Mar 2010 Link to this post

    Apparently, ASP.NET 4 validates every request that is received. Older versions of ASP.NET only validated requests to ASPX pages.


        Telerik-Team, please update your handlers to make them pass ASP.NET 4 request validation.


    Workaround: In the meantime, you will have to disable the new request validation by setting <httpRuntime requestValidationMode="2.0" /> in <system.web> in you web.config.
    <configuration> 
     
      <system.web> 
     
        <httpRuntime requestValidationMode="2.0" /> 
        ... 
      </system.web> 
      ... 
    </configuration> 
         


    SourceStackOverflow

  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Lini
    Admin
    Lini avatar
    2144 posts

    Posted 23 Mar 2010 Link to this post

    Hello Matt,

    We plan to release an update to the RadControls for ASP.NET AJAX once the official VS 2010 build is out. The problem with RadSpell will be fixed there. I apologize for the inconvenience this has caused you.

    Best wishes,
    Lini
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  5. Matthias Otto
    Matthias Otto avatar
    3 posts
    Member since:
    Mar 2010

    Posted 23 Mar 2010 Link to this post

    No need to apologize.

    Until the release of the mentioned update, it may make sense for you to add a page to the current ASP.NET ASPX Documentation. I suppose that many people are trying to use your tools in VS2010 right now and would be stumbling over the same problems as I am.

    Thanks,
    Matt
  6. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 25 Mar 2010 Link to this post

    Hi Matt,

    Because customers will receive the updated documentation with the Service Pack, we decided that it is best to set this thread as a sticky one in the forum so the information will be available to all that visit it.

    Thank you very much for bringing this problem to our attention. Your points have been updated.

    Best wishes,
    Georgi Tunev
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  7. sdfsdf sdfdsf
    sdfsdf sdfdsf avatar
    1 posts
    Member since:
    Feb 2004

    Posted 31 Mar 2010 Link to this post

    It's not as simple as 'fixing the handlers' - AFAIK you have no option to prevent ASP.NET 4 stepping in front of you and blocking any request that contains HTML, unless you switch the mode back to 2.
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017