This is a migrated thread and some comments may be shown as answers.

Spell checker fails with .NET 4.0

1 Answer 104 Views
Editor
This is a migrated thread and some comments may be shown as answers.
Steve
Top achievements
Rank 2
Steve asked on 30 Mar 2010, 10:04 PM
I have a basic page with Telerik Editor on it, with spell checking enabled.  The page worked fine in .NET 3.5 - spell checking and all, but since migrating the code to .NET 4.0 RC the spell checking functionality fails with the following error:

A potentially dangerous Request.Form value was detected from the client (CommandArgument="<br>").

What do I have to do to make this with with .NET 4.0? 

Thanks

Full error:

<html> 
    <head> 
        <title>A potentially dangerous Request.Form value was detected from the client (CommandArgument=&quot;&lt;br&gt;&quot;).</title> 
        <style> 
         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}  
         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px} 
         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} 
         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } 
         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon } 
         pre {font-family:"Lucida Console";font-size: .9em} 
         .marker {font-weight: bold; color: black;text-decoration: none;} 
         .version {color: gray;} 
         .error {margin-bottom: 10px;} 
         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } 
        </style> 
    </head> 
 
    <body bgcolor="white"
 
            <span><H1>Server Error in '/' Application.<hr width=100size=1 color=silver></H1> 
 
            <h2> <i>A potentially dangerous Request.Form value was detected from the client (CommandArgument=&quot;&lt;br&gt;&quot;).</i> </h2></span
 
            <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif "
 
            <b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted.  This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack.  To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: &lt;httpRuntime requestValidationMode="2.0" /&gt;. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the &lt;pages&gt; configuration section.  However, it is strongly recommended that your application explicitly check all inputs in this case.  For more information, see http://go.microsoft.com/fwlink/?LinkId=153133
            <br><br
 
            <b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (CommandArgument=&quot;&lt;br&gt;&quot;).<br><br
 
            <b>Source Error:</b> <br><br
 
            <table width=100bgcolor="#ffffcc"
               <tr> 
                  <td> 
                      <code> 
 
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code> 
 
                  </td> 
               </tr> 
            </table> 
 
            <br> 
 
            <b>Stack Trace:</b> <br><br
 
            <table width=100bgcolor="#ffffcc"
               <tr> 
                  <td> 
                      <code><pre
 
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (CommandArgument=&quot;&lt;br&gt;&quot;).] 
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8809720 
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122 
   System.Web.HttpRequest.get_Form() +114 
   Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) +187 
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100 
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +75 
</pre></code
 
                  </td> 
               </tr> 
            </table> 
 
            <br> 
 
            <hr width=100size=1 color=silver
 
            <b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:4.0.30128; ASP.NET Version:4.0.30128.1 
 
            </font> 
 
    </body> 
</html> 
<!--  
[HttpRequestValidationException]: A potentially dangerous Request.Form value was detected from the client (CommandArgument=&quot;&lt;br&gt;&quot;). 
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) 
   at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) 
   at System.Web.HttpRequest.get_Form() 
   at Telerik.Web.UI.SpellCheckHandler.ProcessRequest(HttpContext context) 
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 
--> 

1 Answer, 1 is accepted

Sort by
0
Georgi Tunev
Telerik team
answered on 31 Mar 2010, 05:49 AM
Hi Marek,

I believe that this sticky forum thread from RadSpell's section will be of help:
Potentially Dangerous Request in ASP.NET 4



All the best,
Georgi Tunev
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Tags
Editor
Asked by
Steve
Top achievements
Rank 2
Answers by
Georgi Tunev
Telerik team
Share this question
or