This is a migrated thread and some comments may be shown as answers.

Allow Unsafe Script in Rad Grid

8 Answers 71 Views
Grid
This is a migrated thread and some comments may be shown as answers.
padmaja
Top achievements
Rank 1
padmaja asked on 18 May 2009, 10:05 AM
Hi All,

Am using Telerik Grid control in one of my web page. In this telrik grid to edit the Grid row am Using EditForm User control
Please see below my code 
 
  <EditFormSettings UserControlName="~/editform.ascx" EditFormType="WebUserControl" > 
                        <EditColumn UniqueName="EditCommandColumn">  
                        </EditColumn>                          
                    </EditFormSettings> 
And I turn ON the Validate Request property in my web config file
<pages validateRequest="true" theme="Original"
But one of the text box inside my User control i want to allow HTML tags. Ex: <ADV> this is a sample advertisement </ADV>
When I type above text its giving me "Potentially dangerous request" error. which is correct because i turn ON validate Request property in the web config file.

But In My case I want to overcome this problem for a single text box which am using in my UserControl.
Could you please help me how can I allow Unsafe Script to one text box  with out chnaging my web config ValidateRequest property...


8 Answers, 1 is accepted

Sort by
0
Georgi Krustev
Telerik team
answered on 21 May 2009, 08:04 AM
Hello Padmaja,

Unfortunately you cannot validate partially the input from the browser when the ValidationRequest is set to "true". I will suggest you turn off it for the current page. Here is a code snippet showing how to achieve this:
<%@ Page ValidateRequest="false" 

Additionally if you need to validate the input you need to accomplish this task by hand.

Regards,
Georgi Krustev
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
padmaja
Top achievements
Rank 1
answered on 22 May 2009, 02:17 AM

Hi Telerik Team,

What you said was correct.
But i dont want to turn off my ValidateRequest=False. Because in this control i have another textboxes. for those textboxes i don't want to allow user to type unsafe script. I just want to allow user to type unsafe script in only one textbox.

For this purpose I already wrote a code and mapped in web config file to overcome this unsafe script for  a particular textbox,
All are working fine. But when i come to Telerik Grid EditFormSettings it's not working. Every page i apply the code example like below.

Protected Overrides Sub OnLoad(ByVal e As EventArgs)  
        MyBase.OnLoad(e)  
        If Not Page.IsPostBack Then  
            Page.Form.Attributes("onsubmit") += "getSMSTextBoxValue('" + Me.txtSMSText.ClientID + "');"  
        End If  
End Sub 
txtSMSText is the one i want to allow user to enter unsafe script.  For all other situation working except Telerik Grid <EditFormSettings>.

Assume am using TextBox1 inside my editform settings user control
After I run my web page and when i go and right click > ViewSource > I can't see clientID for this textbox.

When I apply my above code inside the user control and also i applied main page which having telerik grid. both cases was not working. I understand that there is no clientId was generating in the view source. for this the javascript can't execute.

Could you please help me where should i go and apply this script to overcome my problem ...

Please help me am working in this from past 1 and half week ....



0
Georgi Krustev
Telerik team
answered on 25 May 2009, 09:26 AM
Hello Padmaja,

It is expected the control placed in the EditFormSettings not to be rendered on the page when RadGrid is not in edit mode. The edit form is build dynamically and to get the client id of the control you need to wire the ItemCreated event. In it you need to check whether the passed e.Item is GridEditableItem. When this condition is true you can find the required textbox and get its client id. For further information you can examine this online help article devoted on the same matter.

Regards,
Georgi Krustev
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
padmaja
Top achievements
Rank 1
answered on 26 May 2009, 10:14 AM
Hi Telerik team,

Thank you very much for your reply.

What I search in the Forums I got this code and I also applied in the Grid Item Created event .Inside this I check whether the passed e.Item is GridEditableItem and i can get client ID of my TextBox. But my problem was implementing the below code.
Example : Default1.aspx page I have Textbox1, textBox2, Label, Button, DropDownListBox. Web config file i set validateRequest="true" 
My requirement : I should eneter HTML tags inside the Textbox.
To bypass this ValidateRequest=True logic I added some javascript code in the Page Load event and passing the TextBox1 ClientID to that javascript method. Please see below code for sample.
Protected Overrides Sub OnLoad(ByVal e As EventArgs)     
        MyBase.OnLoad(e)     
        If Not Page.IsPostBack Then     
            Page.Form.Attributes("onsubmit") += "getSMSTextBoxValue('" + Me.txtSMSText.ClientID + "');"     
        End If     
End Sub    
 
The above code was working fine for all pages.
When I come Telerik Grid Using <EditFormSettings> using User control.

My Telerik Grid page name was : Default2.aspx (Having TelerikGrid, Button, DropDownBOc,RadCalendar)
My UserControl Page was : UserControl1.ascx

On Item Created event i can generate Client ID of the TextBox. But the above code I applied in UserControl1.ascx. No build error but when i try to do any postback events for other controls (Button click,DropDown SelectedIndex Changed) which am using in Default2.aspx. Its giving "Potentially dangerous Request error."

I also understand that After Run the whole web application I go to Default1.aspx > Right Click > Go to View Source > I can see client ID of TextBox1
But If I go to Defaul2.aspx > Click Inside TelerikGrid Edit Button > User Control opens to edit >Right Click > Go to View Source > I can't see client ID.

Please give me advice where should i go and apply my above function for UserControl1.ascx textbox.

           
       
0
Georgi Krustev
Telerik team
answered on 28 May 2009, 01:31 PM
Hello Padmaja,

I will suggest you to reference the loaded user control as edit form and find the TextBox. Hence add the required JavaScript code. Here is a code snippet showing how to achieve this:
Protected Sub RadGrid1_ItemCreated(sender As Object, e As GridItemEventArgs) 
    If TypeOf e.Item Is GridEditableItem AndAlso e.Item.IsInEditMode Then 
 
        Dim editItem As var = TryCast(e.Item, GridDataItem) 
 
        Dim ucID As String = TryCast(GridEditFormItem.EditFormUserControlID, String
 
        Dim textBox As TextBox = TryCast(e.Item.FindControl(ucID).FindControl("txtSMSText"), TextBox) 
 
                Page.Form.Attributes("onsubmit") += "getSMSTextBoxValue('" + textBox.ClientID + "');" 
    End If 
End Sub 
 

For further information how to reference the edit form review this help article.

Best wishes,
Georgi Krustev
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
padmaja
Top achievements
Rank 1
answered on 02 Jun 2009, 08:16 AM
Hi Telerik team,

What you given was working very good and fine. Thank you very much for your help.

But am facing another problem.

I have Default1.aspx and TelerikGrid.ascx and EditForm.ascx .

TelerikGrid.ascx : This page contains telerik grid. inside telerik grid in Edit Form settings am calling EditForm.ascx. Please see sample code below
<EditFormSettings UserControlName="~/editform.ascx" EditFormType="WebUserControl" >    
                        <EditColumn UniqueName="EditCommandColumn">     
                        </EditColumn>                             
                    </EditFormSettings>    
 
Default1.aspx : Inside this page am calling TelerikGrid.ascx user control.
Case : 1
When i implement in my project the above logic
Run default1.aspx> Click Edit Image in Grid > Right Click on Web Interface > Click View Soure > i can't see EditForm Controls IDs in view source

Case : 2
When i implement same above logic for Test project
Run default1.aspx> Click Edit Image in Grid > Right Click on Web Interface > Click View Soure > i can see EditForm Controls IDs in view source

In my project am using Radwindow Manager and Rad Ajax Panel and RadContent Manager . Could you please give me a idea why its not generating View source. Because of this what ever i apply Page.Form.Attributes("onsubmit") it's not firing..

Can you give me a suggestion what could be the reason View source can't generated for EditForm User Control in my web application...
Please help me ......

0
padmaja
Top achievements
Rank 1
answered on 02 Jun 2009, 09:00 AM
Hi Telerik Team,

Here for your understanding I attach the files . Pleas elook at it.
1. MasterPage.master
2. Inbox.Aspx (Which is the one calling DataGridControl.ascx)
3. dataGridControl.ascx (is my usercontrol which having editform.ascx settings)
4.EditForm.ascx is the one am calling inside rad Grid


Could you please guide me how to attach files to this forum
0
Georgi Krustev
Telerik team
answered on 04 Jun 2009, 08:36 AM
Hello Padmaja,

In order to attach the required files I will suggest you open a regular support ticket and send them to us. Thus I will be able to investigate the problem and advise further.

Best wishes,
Georgi Krustev
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
Tags
Grid
Asked by
padmaja
Top achievements
Rank 1
Answers by
Georgi Krustev
Telerik team
padmaja
Top achievements
Rank 1
Share this question
or