I have a basic page with Telerik Editor on it, with spell checking enabled. The page worked fine in .NET 3.5 - spell checking and all, but since migrating the code to .NET 4.0 RC the spell checking functionality fails with the following error:
A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").
What do I have to do to make this with with .NET 4.0?
Thanks
Full error:
A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").
What do I have to do to make this with with .NET 4.0?
Thanks
Full error:
| <html> |
| <head> |
| <title>A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").</title> |
| <style> |
| body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} |
| p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px} |
| b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} |
| H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } |
| H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon } |
| pre {font-family:"Lucida Console";font-size: .9em} |
| .marker {font-weight: bold; color: black;text-decoration: none;} |
| .version {color: gray;} |
| .error {margin-bottom: 10px;} |
| .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } |
| </style> |
| </head> |
| <body bgcolor="white"> |
| <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1> |
| <h2> <i>A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").</i> </h2></span> |
| <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "> |
| <b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. |
| <br><br> |
| <b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").<br><br> |
| <b>Source Error:</b> <br><br> |
| <table width=100% bgcolor="#ffffcc"> |
| <tr> |
| <td> |
| <code> |
| An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code> |
| </td> |
| </tr> |
| </table> |
| <br> |
| <b>Stack Trace:</b> <br><br> |
| <table width=100% bgcolor="#ffffcc"> |
| <tr> |
| <td> |
| <code><pre> |
| [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").] |
| System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8809720 |
| System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122 |
| System.Web.HttpRequest.get_Form() +114 |
| Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) +187 |
| System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100 |
| System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 |
| </pre></code> |
| </td> |
| </tr> |
| </table> |
| <br> |
| <hr width=100% size=1 color=silver> |
| <b>Version Information:</b> Microsoft .NET Framework Version:4.0.30128; ASP.NET Version:4.0.30128.1 |
| </font> |
| </body> |
| </html> |
| <!-- |
| [HttpRequestValidationException]: A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>"). |
| at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) |
| at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) |
| at System.Web.HttpRequest.get_Form() |
| at Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) |
| at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() |
| at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) |
| --> |
1 Answer, 1 is accepted
0
Hi Marek,
I believe that this sticky forum thread from RadSpell's section will be of help:
Potentially Dangerous Request in ASP.NET 4
All the best,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
I believe that this sticky forum thread from RadSpell's section will be of help:
Potentially Dangerous Request in ASP.NET 4
All the best,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.