I have a basic page with Telerik Editor on it, with spell checking enabled. The page worked fine in .NET 3.5 - spell checking and all, but since migrating the code to .NET 4.0 RC the spell checking functionality fails with the following error:
A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").
What do I have to do to make this with with .NET 4.0?
Thanks
Full error:
A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").
What do I have to do to make this with with .NET 4.0?
Thanks
Full error:
<html> |
<head> |
<title>A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").</title> |
<style> |
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} |
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px} |
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} |
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } |
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon } |
pre {font-family:"Lucida Console";font-size: .9em} |
.marker {font-weight: bold; color: black;text-decoration: none;} |
.version {color: gray;} |
.error {margin-bottom: 10px;} |
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } |
</style> |
</head> |
<body bgcolor="white"> |
<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1> |
<h2> <i>A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").</i> </h2></span> |
<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "> |
<b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. |
<br><br> |
<b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").<br><br> |
<b>Source Error:</b> <br><br> |
<table width=100% bgcolor="#ffffcc"> |
<tr> |
<td> |
<code> |
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code> |
</td> |
</tr> |
</table> |
<br> |
<b>Stack Trace:</b> <br><br> |
<table width=100% bgcolor="#ffffcc"> |
<tr> |
<td> |
<code><pre> |
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").] |
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8809720 |
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122 |
System.Web.HttpRequest.get_Form() +114 |
Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) +187 |
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100 |
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 |
</pre></code> |
</td> |
</tr> |
</table> |
<br> |
<hr width=100% size=1 color=silver> |
<b>Version Information:</b> Microsoft .NET Framework Version:4.0.30128; ASP.NET Version:4.0.30128.1 |
</font> |
</body> |
</html> |
<!-- |
[HttpRequestValidationException]: A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>"). |
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) |
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) |
at System.Web.HttpRequest.get_Form() |
at Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) |
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() |
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) |
--> |