This is a migrated thread and some comments may be shown as answers.
A potentially dangerous Request.Form value was detected from the client
andrew asked on 06 Mar 2014, 03:48 PM
I'm getting the following error when I post back with the RadEditor

A potentially dangerous Request.Form value was detected from the client (step1RadEditor$ctl00="...asdf a sdf<br>"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

This issue has already been discussed in this Post 5 years ago, but I'm not satisfied with its solution (i.e. setting ValidateRequest to false). Why can't RadEditor just HTML encode its value(s) before POSTing it to the server so it won't trigger ASP.NET's alarm?

Is there a better workaround?

1 Answer, 1 is accepted

Vasil
Telerik team
answered on 07 Mar 2014, 03:47 PM
Hi Andrew,

The RadEditor encodes the text already. For example in this demo:
http://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx
You can write <test></test> in the Design mode and in the HTML mode you will see that the text is escaped as &lt;test&gt;

So by default it should work correctly even with request validation enabled. The problem that you see could be related to your configuration or some errors in the page. If you send us a page that we can test, I would be happy to provide you further assistance in resolving the issue.

Regards,
Vasil
Telerik
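
Added example, not part of the thread and not Telerik or Microsoft code: a simplified JavaScript model of the pattern check behind this error, showing why the raw `<br>` value from the error message is rejected while an entity-encoded copy of it is accepted. The function names are hypothetical, and the rule used (`<` followed by a letter, `!`, `/` or `?`, or `&` followed by `#`) is a model of ASP.NET request validation, not its code.

```javascript
// Simplified model of the rule request validation applies to each posted value.
// Assumption: '<' followed by a letter, '!', '/' or '?', or '&' followed by '#'.
function looksDangerous(value) {
  for (let i = 0; i < value.length - 1; i++) {
    const c = value[i], next = value[i + 1];
    if (c === '<' && /[A-Za-z!\/?]/.test(next)) return true;
    if (c === '&' && next === '#') return true;
  }
  return false;
}

// Hypothetical client-side helper: entity-encode markup before it is posted.
// '&' is replaced first so the entities produced for '<' and '>' stay intact.
function encodeForPost(html) {
  return html.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Hypothetical server-side counterpart: decode once after the request is accepted.
// '&amp;' is decoded last so an encoded "&lt;" in the content is not decoded twice.
// The result is markup again, so it still needs sanitizing or output encoding.
function decodeAfterPost(value) {
  return value.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Constructed samples; the first is the value shown in the error message above.
const samples = ['asdf a sdf<br>', '1 < 2 & 3', '&#60;br&#62;'];

function report() {
  return samples.map((raw) => {
    const encoded = encodeForPost(raw);
    return {
      raw,
      rawFlagged: looksDangerous(raw),
      encoded,
      encodedFlagged: looksDangerous(encoded),
      roundTrips: decodeAfterPost(encoded) === raw,
    };
  });
}

console.table(report());
```

If the posted field reaches the server in its raw form, the first row's `rawFlagged` result is what produces the exception; the encoded form of every sample passes the modelled check and decodes back to the original.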
