Special characters in RadComboBox and Ajax

8 posts, 0 answers
  1. Marc
    Marc avatar
    39 posts
    Member since:
    Nov 2012

    Posted 30 Dec 2012 Link to this post

    I use a RadComboBox with items filled at run-time. The values comes from an entries made by users so I don't have control on them. Also I add the generic item "<No selection>". Without using Ajax, all work fine. But when I put this combo box into a RadAjaxPanel and react to the OnTextChanged event to change the visibility of other controls, in Visual Studio I receive an exception when I select the "<No selection>" item. When the page is first shown, if it's the selected item then no error is thrown, but same thing if I select it.

    I discover the problem come from the "<" and ">" characters. So if I replace my text to "[No selection]" then it work! Because I have no control, and don't want to, on values of the list I need to find a solution for this.

    I tried to replace them by equivalent code ("&lt;", "&gt;") with no success. I also tried Server.HtmlEncode("<No selection>")but same thing. I also try the second technic as described in http://www.telerik.com/support/kb/aspnet-ajax/combobox/using-displaying-special-characters-in-radcombobox.aspx.

    ---------------------
    I tried the demo located at http://demos.telerik.com/aspnet-ajax/combobox/examples/configurator/defaultcs.aspx and when I enter the value "<No selection>" in the Empty Message field then the entire page is gone! These characters are "killers"...
  2. Nencho
    Admin
    Nencho avatar
    1457 posts

    Posted 03 Jan 2013 Link to this post

    Hello Marc,

    I have performed some tests, based on the provided information, but I was unable to replicate the experienced issue. Could you specify the version of our controls that you use at your end? In addition, I you like to ask you to provide us the implementation of the RadComboBox that you use.

    Regards,
    Nencho
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Marc
    Marc avatar
    39 posts
    Member since:
    Nov 2012

    Posted 04 Jan 2013 Link to this post

    Hi Nencho, to reproduce the problem I create a simple new project in VS 2012 with the following code. I have an exception in the same case but this time I have a different exception (A potentially dangerous Request.Form value was detected from the client (cbxValues_ClientState="...","text":"<None>","enabled":tr...")). The exception is when the we select the item "<None>" from the list but there is no exception if the item is "[None]" instead.
     
    Here is my source code:

    ASP.NET

    <% @ Page Language="C#" AutoEventWireup="true" CodeFile="Default2.aspx.cs" Inherits="Default2" %>

    <% @ Register Assembly="Telerik.Web.UI, Version=2012.3.1205.45, Culture=neutral, PublicKeyToken=121fae78165ba3d4" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>

    <!DOCTYPE html>

    <html xmlns="http://www.w3.org/1999/xhtml">

        <head runat="server">
            <title>
        </
    title
        </head
        <body>
            <form id="form1" runat="server">
            <div>
                <telerik:RadScriptManager Runat="server"></telerik:RadScriptManager>
                <telerik:RadComboBox ID="cbxValues" runat="server" Width="250px" AutoPostBack="True">
                </telerik:RadComboBox
            </div>
        </form>
        </body>

    </html>

     
    C#

    using System;

    using System.Collections.Generic;

    using System.Linq;

    using System.Web;

    using System.Web.UI;

    using System.Web.UI.WebControls;

    using Telerik.Web.UI;

     

    public partial class Default2 : System.Web.UI.Page

    {

        protected void Page_Load(object sender, EventArgs e)

            {
                if (!Page.IsPostBack)

                 {
                    cbxValues.Items.Add(new Telerik.Web.UI.RadComboBoxItem("<None>", "-1"));

                    cbxValues.Items.Add(new Telerik.Web.UI.RadComboBoxItem("Value 1", "1"));

                    cbxValues.Items.Add(new Telerik.Web.UI.RadComboBoxItem("Value 2", "2"));

                 }

            }

    }


    Thanks
  5. Nencho
    Admin
    Nencho avatar
    1457 posts

    Posted 09 Jan 2013 Link to this post

    Hello Marc,

    The .NET framework is throwing an exception because it detects something in the entered text which looks like an HTML statement("<....>"). I can suggest you to set the validateRequest property of the Page to False. Please note that in .NET4 you also need to add
     <httpRuntime requestValidationMode="2.0" /> in your web.config. In addition, please refer to the following forum thread, where this topic is discussed in details.

    Greetings,
    Nencho
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
  6. Marc
    Marc avatar
    39 posts
    Member since:
    Nov 2012

    Posted 09 Jan 2013 Link to this post

    Thanks a lot Nencho, it works!

    I made a modification on your solution by setting the validateRequest in the web.config file to be applied on all pages as follow:

    <configuration>
        <system.web>
            <httpRuntime requestValidationMode="2.0" /> 
            <pages validateRequest="false" />
        </system.web>
    </configuration>

     

  7. Marc
    Marc avatar
    39 posts
    Member since:
    Nov 2012

    Posted 04 Jul 2013 Link to this post

    Hi, the suggested solution was working but I was not happy to apply it because it doesn't appear to be safe to disabled some validation. Few days after the last post, Telerik came out with the version 2012.3.1308 with which it was working without the patch...so I put back the validation at that time...I was very happy about the fix ;-)

    But I notice today, I don't know since when, the bug was re-introduced and it's no more possible to enter "<...>" values in a combo box :-(((

    Is this will be fixed again in a new release... (currently I am using 2013.2.611
  8. Marc
    Marc avatar
    39 posts
    Member since:
    Nov 2012

    Posted 04 Jul 2013 Link to this post

    Few days after the last post, the version 2012.3.1308 came out and the problem was fixed so I removed code that disable request validation because I think it can be dangerous without. 

    I don't know since when but now the bug appear again on a post-back using AJAX. So it's not on selecting the item with "<>" but when making the post-back.

    Now I am using version 2013.2.618.
  9. Nencho
    Admin
    Nencho avatar
    1457 posts

    Posted 09 Jul 2013 Link to this post

    Hello Marc,

    As previously mentioned, this is a .net limitation, which is implemented in order to prevent from processing unencoded HTML content submitted to the server. This is explained in details in this article. However, I tried to replicate the behavior, which you described with the 2012.3.1308 version of our controls. The same behavior persist with the specified version. Here is a video, demonstrating my tests.
    Please correct me if I had missed something in my tests.

    Regards,
    Nencho
    Telerik
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017