A potentially dangerous Request.Form value was detected from the client when updating node text from editor

8 posts, 0 answers
  1. Julie
    Julie avatar
    27 posts
    Member since:
    Dec 2008

    Posted 03 Mar 2009 Link to this post

    Hi Telerik Support staff,
    I have the following issue,
    I have a Treeview populating perfectly with server side code, and changing the node text using the editor.content client side.
    I set up a web service to handle load on demand and I end up with the following error:

    A potentially dangerous Request.Form value was detected from the client (RadTreeView1_ClientState="...:{"text":"<span style=\"color:...").

    I load the root nodes from server side, however I add nodes clientside and change the node text client side:

    string connectstr = SqlConnect;

     

     

    SqlConnection Sqlconnect = new SqlConnection(connectstr);

     

     

    string sql = "Select TemplateID, TemplateLineID, TemplateNodeOrder, SectionID, ParentTemplateLineID, NodeLevel, NodeText "+

     

     

    "From TemplateNode " +

     

     

    "Where ParentTemplateLineID is null "+

     

     

    "Order By SectionID ";

     

     

    SqlDataAdapter adapter = new SqlDataAdapter(sql, connectstr);

     

     

    DataTable dataTable = new DataTable();

     

    adapter.Fill(dataTable);

    RadTreeView1.WebServiceSettings.Method =

    "LoadNodes";

     

    RadTreeView1.WebServiceSettings.Path =

    "TemplateLoadOnDemand.asmx";

     

     

     

    foreach (DataRow row in dataTable.Rows)

     

    {

     

    RadTreeNode node = new RadTreeNode();

     

    node.Text = row[

    "NodeText"].ToString();

     

    node.Value = row[

    "TemplateLineID"].ToString();

     

     

    node.ExpandMode =

    TreeNodeExpandMode.WebService;

     

    RadTreeView1.Nodes.Add(node);

    }

     

    My settings for the treeview are :

     

    <

     

    telerik:RadTreeView ID="RadTreeView1" Runat="server" EnableDragAndDrop="true"

     

     

    onnodedrop="RadTreeView1_NodeDrop" EnableDragAndDropBetweenNodes="True"

     

     

    onclientnodedropping="nodeDropping" OnClientContextMenuItemClicking="OnClientContextMenuItemClicking"

     

     

     

     

     

    MultipleSelect="True" OnClientNodeEdited="OnClientNodeEditedHandler"

     

     

    Skin="Outlook" OnContextMenuItemClick="RadTreeView1_ContextMenuItemClick"

     

     

    CheckChildNodes="True" onnodeedit="RadTreeView1_NodeEdit"

     

     

    style="white-space: normal;" PersistLoadOnDemandNodes="true" OnNodeDataBound="RadTreeView1_NodeDataBound"

     

     

    OnClientNodeClicked="OnClientNodeClicked" >

     

     

     


    I did the following to resolve the error but continue to get it....

    In Script Manager I set

     

     

    EnablePartialRendering="False"

     


    Everything works when I don't use the webservice, client side calls and server side calls are perfect.... Its when I load the webservice that I start throwing errors.  The web service loads the child nodes fine... Editing or adding is a big issue when using the web service.

    Thank you in advance for your help.
    ~Julie





  2. Julie
    Julie avatar
    27 posts
    Member since:
    Dec 2008

    Posted 03 Mar 2009 Link to this post

    Further investigation has led to the following
    When I add a node client side, and change the text using the editor, and update the node text with the editor.content (I have track changes set to true).  After this sequence I have a submit button ('save') which posts back to the server to update the database. 
    This will consistently display the error posted for this thread...
  3. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 04 Mar 2009 Link to this post

    Hi Julie,

    It seems you are setting the text of the node to some HTML (<span style=...). This is not supported and is causing the validation error as the ASP.NET runtime detects the html in the treeview hidden field. The only workaround is to set the ValidateRequest attribute of the <%@Page directive to false.

    Regards,
    Albert
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  4. Julie
    Julie avatar
    27 posts
    Member since:
    Dec 2008

    Posted 04 Mar 2009 Link to this post

    Thanks for your quick response on this matter...
    I do not understand why it would work without the webservice, and breaks with the webservice.
    Could you please provide insight...
    ~Julie
  5. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 04 Mar 2009 Link to this post

    Hi Julie,

    The reason for the issue is that you set the text of the node as html and use trackChanges/commitChanges.

    Regards,
    Albert
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  6. Courtney Mills
    Courtney Mills avatar
    3 posts
    Member since:
    Aug 2009

    Posted 09 Jun 2010 Link to this post

    I am getting this problem too, but I don't want to set the ValidateRequest property in the page to false.

    Is there any way to disable change tracking on the treeview, or can Telerik controls use an alternative to form fields to persist state, like session?
  7. Peter
    Admin
    Peter avatar
    6637 posts

    Posted 14 Jun 2010 Link to this post

    Hello Courtney,

    Could you please elaborate on your scenario and describe what exactly you need to achieve? We might be able to offer a workaround if we have a good understanding of your requirement.


    Kind regards,
    Peter
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  8. Courtney Mills
    Courtney Mills avatar
    3 posts
    Member since:
    Aug 2009

    Posted 14 Jun 2010 Link to this post

    Sorry, my post is in the wrong section, I meant to be in the MVC Treeview topic, not the ASP.NET AJAX topic. Thanks anyways!
Back to Top