This is a migrated thread and some comments may be shown as answers.

Potentially Dangerous Request in ASP.NET 4

5 Answers 280 Views
Spell
This is a migrated thread and some comments may be shown as answers.
Matthias Otto
Top achievements
Rank 1
Matthias Otto asked on 20 Mar 2010, 08:36 PM
Hi,

I am getting a popup with "Error 500: Potentially Dangerous Request" when trying to use RadSpell on multiple controls in ASP.NET 4. The error occurs the moment I click "Check Spell".

Reproduction: Create a fresh ASP.NET 4 project (VB) and add the HTTPRequestHandler for RadScriptManager and RadSpell to the web.config through Telerik's SmartTags. Then add the RadScriptManager and RadSpell to your Default.aspx, create two basic text inputs and try hook up both (i.e. ControlsToCheck="TextBox1,TextBox2")

Web.config (excerpt)
        <httpHandlers> 
            <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false"/> 
            <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false"/> 
            <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false"/> 
        </httpHandlers> 
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/></system.web> 
    <system.webServer> 
        <modules runAllManagedModulesForAllRequests="true"
        </modules> 
        <validation validateIntegratedModeConfiguration="false"/> 
        <handlers> 
            <add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler"/> 
            <add name="Telerik_Web_UI_SpellCheckHandler_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler"/> 
            <add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource"/> 
        </handlers> 
    </system.webServer> 


Default.aspx
<%@ Page Title="Home Page" Language="vb" MasterPageFile="~/Site.Master" AutoEventWireup="false" 
    CodeBehind="Default.aspx.vb" Inherits="RadSpellTest._Default" %> 
 
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %> 
 
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent"
</asp:Content> 
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent"
    <h2> 
        Welcome to ASP.NET! 
    </h2> 
     
     <telerik:RadScriptManager ID="RadScriptManager1" runat="server" /> 
 
     <input type="text" id="TextBox1" /> 
 
     <input type="text" ID="TextBox2" /> 
 
     <telerik:RadSpell ID="RadSpell1" Runat="server" ControlsToCheck="TextBox1,TextBox2" IsClientID="True" SupportedLanguages="en-US,English" /> 
 
</asp:Content> 
 

Attached you can find a screenshot of the error message.

Note: It does work when TargetFramework of the project is set to 3.5 instead of 4.0 or if RadSpell is given only one ControlToCheck.

Thanks for any help,
Matt

5 Answers, 1 is accepted

Sort by
0
Matthias Otto
Top achievements
Rank 1
answered on 20 Mar 2010, 08:52 PM
Apparently, ASP.NET 4 validates every request that is received. Older versions of ASP.NET only validated requests to ASPX pages.


    Telerik-Team, please update your handlers to make them pass ASP.NET 4 request validation.


Workaround: In the meantime, you will have to disable the new request validation by setting <httpRuntime requestValidationMode="2.0" /> in <system.web> in you web.config.
<configuration> 
 
  <system.web> 
 
    <httpRuntime requestValidationMode="2.0" /> 
    ... 
  </system.web> 
  ... 
</configuration> 
     


SourceStackOverflow

0
Lini
Telerik team
answered on 23 Mar 2010, 12:25 PM
Hello Matt,

We plan to release an update to the RadControls for ASP.NET AJAX once the official VS 2010 build is out. The problem with RadSpell will be fixed there. I apologize for the inconvenience this has caused you.

Best wishes,
Lini
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
Matthias Otto
Top achievements
Rank 1
answered on 23 Mar 2010, 03:08 PM
No need to apologize.

Until the release of the mentioned update, it may make sense for you to add a page to the current ASP.NET ASPX Documentation. I suppose that many people are trying to use your tools in VS2010 right now and would be stumbling over the same problems as I am.

Thanks,
Matt
0
Georgi Tunev
Telerik team
answered on 25 Mar 2010, 09:59 AM
Hi Matt,

Because customers will receive the updated documentation with the Service Pack, we decided that it is best to set this thread as a sticky one in the forum so the information will be available to all that visit it.

Thank you very much for bringing this problem to our attention. Your points have been updated.

Best wishes,
Georgi Tunev
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
sdfsdf sdfdsf
Top achievements
Rank 1
answered on 31 Mar 2010, 11:27 PM
It's not as simple as 'fixing the handlers' - AFAIK you have no option to prevent ASP.NET 4 stepping in front of you and blocking any request that contains HTML, unless you switch the mode back to 2.
Tags
Spell
Asked by
Matthias Otto
Top achievements
Rank 1
Answers by
Matthias Otto
Top achievements
Rank 1
Lini
Telerik team
Georgi Tunev
Telerik team
sdfsdf sdfdsf
Top achievements
Rank 1
Share this question
or