ck Editor in asp.net error message

Question

0.00/5 (No votes)

See more:

I am using ck editor in my web page. I insert the value of ck editor using com.Parameters.AddWithValue("@article_body", CKEditorControl1.Text); and datatype use ntext. But it shown an error like:

XML

A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$CKEditorControl1="<p>
Hi This is a t...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$CKEditorControl1="<p>
Hi This is a t...").

Source Error:


[No relevant source lines]

Source File: c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\catest\f052c349\bc98a877\App_Web_tqvcnc4d.4.cs

Please any one can help me...Thanks in advance

Posted 10-May-11 21:34pm

rahul dev123

Add a Solution

Comments

Hemant__Sharma 11-May-11 9:02am

Check my updated solution.
Thanks,
Hemant

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

cuteband · Answer 1 · 2011-05-10T22:00:00

Solution 1

what we can do here is to disable the page's validation request.

find this in the html code (i.e. .aspx html markup)

<%Page ....
 add this ValidationRequest= "false"%>

Posted 10-May-11 22:00pm

cuteband

Updated 10-May-11 22:54pm

v3

Comments

rahul dev123 11-May-11 4:16am

Thanks for your solution but i check this code but can't find it. Please help me

Hemant__Sharma 11-May-11 4:48am

@cuteband is asking you to check and update the ValidationRequest attribute in .aspx page's Page directive i.e.
<%@ Page Language="C#" AutoEventWireup="true".... %>

that means the markup of your .aspx file

hope it's clear now.

Thanks,
Hemant

cuteband 11-May-11 4:29am

please paste me the html code of the page

rahul dev123 11-May-11 5:53am

<%@ Page Title="" Language="C#" MasterPageFile="~/includes/Header_Footer1.master" AutoEventWireup="true" CodeFile="article_add.aspx.cs" Inherits="articles_add"%>
<%@ Register Assembly="CKEditor.NET" Namespace="CKEditor.NET" TagPrefix="CKEditor" %>
<%@ Register assembly="FredCK.FCKeditorV2" namespace="FredCK.FCKeditorV2" tagprefix="FCKeditorV2" %>

<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">

<br class="spacer">
<table style="width: 100%" cellpadding="5px" cellspacing="0">
<tr>
<td style="padding-right: 10px" valign="top">

<img alt="Submit Articles" title="Submit Articles" src="../img/articles_submit_main.jpg">
Submit Articles

<br class="spacer">
<table style="width: 98%; color: #808080" cellpadding="10px" cellspacing="0">
<tr>
<td style="padding-left: 30px" valign="top">
<form method="POST" action="article_list_addnotify.asp" name="FrontPage_Form1" önsubmit="return FrontPage_Form1_Validator(this)" language="JavaScript">
Title *<br class="spacer"><br class="spacer">
<asp:TextBox ID="txtTitle" runat="server" Height="20px" Width="228px">
<br class="spacer">
(Will be displayed on on homepage)
<br class="spacer"><br class="spacer"><br class="spacer">

Click here to attach an Image to your Article
<div id="upload">
</div>
<br class="spacer"><br class="spacer"><br class="spacer">
Category *<br class="spacer"><br class="spacer"></form>
<%--<form id="frm2" runat="server">--%>
<asp:DropDownList ID="ddlCategory" runat="server" Height="20px"
Width="250px">

<br class="spacer"><br class="spacer"><br class="spacer">
Full Article *<br class="spacer"><br class="spacer">
<asp:TextBox ID="TextBox1" runat="server" Width="372px">
<br class="spacer"><br class="spacer">
(You can submit a 2-line bio for inclusion)
<br class="spacer"><br class="spacer"><br class="spacer">
Source<br class="spacer"><br class="spacer">
<asp:TextBox ID="txtSource" runat="server" Height="20px" Width="228px">
<br class="spacer"><br class="spacer">
(Kindly post your own original article and provide source of any info used in the article)
<br class="spacer">
* - Required Fields
<br class="spacer"><br class="spacer">
<input id="B2" type="reset" value="Reset" name="B2" runat="server" önclick="return B2_onclick()">

<asp:Button ID="btnSubmit" runat="server" onclick="btnSubmit_Click"
Text="Submit" />

</td>
</tr>
<tr>
<td>
<p align="left" style="font-size:.9em;padding-left: 24px">You can also send us your article or any other contribution that you have at

</p></td>
</tr>
</table>
<br class="spacer">
<

Hemant__Sharma 11-May-11 5:47am

Forgot to vote for right answer :). My 4.

Regards,
Hemant

Hemant__Sharma · Answer 2 · 2011-05-10T23:03:00

actually every aspx request is by default vaidated for attacks ( i.e. script injecton) and if any markup/script is found in a request asp.net doesn't run it.

when you have a simple text in your editor it wont throw any error but if it contains any html/script type text the .aspx will raise the alarm.

although ValidationRequest attribute will solve your problem but you should check the incoming request for such sript injection.

Here is an articles that talks about all.

http://www.asp.net/learn/whitepapers/request-validation[^]

hope it will help.

Thanks,
Hemant

Edit:
add ValidateRequest="false" to the page directive i.e. first line of .aspx markup

Update:
<%@ Page Title="" Language="C#" MasterPageFile="~/includes/Header_Footer1.master" AutoEventWireup="true" CodeFile="article_add.aspx.cs" Inherits="articles_add"%>

to:
<%@ Page Title="" Language="C#" MasterPageFile="~/includes/Header_Footer1.master" AutoEventWireup="true" CodeFile="article_add.aspx.cs" Inherits="articles_add" ValidateRequest="false"%>

Thanks,
Hemant