RadEditor, Track Change Content Security Problem

4 posts, 1 answers
  1. 章民
    20 posts
    Member since:
    Oct 2012

    Posted 28 Oct 2012

    I use a cookie to save TheEditor's content, but when I load the cookie, Visual Studio breaks at Request.Cookie and shows the error message "Detected a potentially dangerous Request.Cookies value from the client, please reference http://go.microsoft.com/fwlink/?LinkID=212874".
    Does someone know how to solve this problem?
    Protected Sub ButtonSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles ButtonSave.Click
        Response.Cookies("myText").Value = theEditor.Content
    End Sub
      
    Protected Sub ButtonLoad_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles ButtonLoad.Click
        theEditor.Content = Request.Cookies("myText").Value
    End Sub

  2. Rumen
    Admin
    14324 posts

    Posted 31 Oct 2012

    Hello,

    I think that it is not a good idea to save the content in a cookie, because a cookie has a quite limited size and because of the security issues that its usage imposes.

    Try to encode the < and > symbols to &lt; and &gt;. Have you also tried to disable the validation as suggested in http://go.microsoft.com/fwlink/?LinkID=212874?

    Regards,
    Rumen
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
  3. 章民
    20 posts
    Member since:
    Oct 2012

    Posted 01 Nov 2012

    Thanks. But now I use the session.
    Protected Sub ButtonSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles ButtonSave.Click
        Session("txt") = theEditor.Content
     
    End Sub
     
    Protected Sub ButtonLoad_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles ButtonLoad.Click
        theEditor.Content = Session("txt")
    End Sub
  4. Answer
    Dobromir
    Admin
    1633 posts

    Posted 05 Nov 2012

    Hi Akira,

    Have you tried encoding/decoding the RadEditor's content as Rumen suggested in his answer?

    In order to safely encode/decode the editor's content you can use HttpServerUtility's EncodeHtml() and DecodeHtml() methods.

    Regards,
    Dobromir
    the Telerik team
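
The encode-before-saving, decode-after-loading approach from the replies, together with the cookie size limit raised earlier in the thread, as an added example that is not code from the thread or from Telerik. It uses System.Web's HttpUtility.HtmlEncode and HtmlDecode; the module name, the 3800-character cap, the extra URL-encoding step and the session fallback are assumptions made for this sketch.

```vb
Imports System
Imports System.Web

' Added example, not code from the thread. Names and limits below are assumptions.
Public Module EditorDraftStore
    Private Const CookieName As String = "myText"
    Private Const SessionKey As String = "txt"
    ' Browsers commonly allow about 4096 bytes per cookie, name and attributes included.
    Private Const MaxCookieChars As Integer = 3800

    ' Returns True if the draft went into the cookie, False if it was too big and went to session.
    Public Function SaveDraft(ByVal ctx As HttpContext, ByVal editorHtml As String) As Boolean
        ' HtmlEncode turns < and > into &lt; and &gt;. Entities contain & and ;, which act as
        ' delimiters in a cookie, so the result is URL-encoded as well (output is plain ASCII).
        Dim encoded As String = HttpUtility.UrlEncode(HttpUtility.HtmlEncode(If(editorHtml, String.Empty)))
        Dim cookie As New HttpCookie(CookieName)
        cookie.HttpOnly = True                            ' only server code reads the draft
        cookie.Secure = ctx.Request.IsSecureConnection
        If encoded.Length > MaxCookieChars Then
            ctx.Session(SessionKey) = editorHtml          ' assumes session state is enabled
            cookie.Expires = DateTime.Now.AddDays(-1)     ' drop any stale cookie copy
            ctx.Response.Cookies.Set(cookie)
            Return False
        End If
        ctx.Session.Remove(SessionKey)
        cookie.Value = encoded
        ctx.Response.Cookies.Set(cookie)
        Return True
    End Function

    ' Returns the stored HTML, or Nothing when no draft exists.
    Public Function LoadDraft(ByVal ctx As HttpContext) As String
        Dim cookie As HttpCookie = ctx.Request.Cookies(CookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then
            Return TryCast(ctx.Session(SessionKey), String)
        End If
        ' The cookie comes back from the client, so the decoded HTML is untrusted input.
        Return HttpUtility.HtmlDecode(HttpUtility.UrlDecode(cookie.Value))
    End Function
End Module

' In the page: SaveDraft(Context, theEditor.Content) and theEditor.Content = LoadDraft(Context)
```

Because the stored value no longer contains raw markup, request validation can stay enabled for the page.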