ValidateRequest=False "sort of" ignored

Last post 10-05-2005, 10:52 PM by Ben Amada. 4 replies.
Sort Posts: Previous Next
  •  10-03-2005, 3:21 AM 11290

    ValidateRequest=False "sort of" ignored

    I just downloaded the CuteSoft editor for evaluation purposes and am experiencing a strange problem.  I have the editor on a popup aspx page that I open from my main webform passing the popup window some HTML via querystring.  I have set validaterequest = False on the popup webform so .NET won't give me the usual warning/error message.

    Problem is that when the popup webform (with the editor) opens, for about one (1) second I see .NET's warning about how "A potentially dangerous Request.QueryString value was detected from the client" inside CuteSoft's editor window.  Then the warning disappears and everything works fine.  Interestingly, even though I see this warning in IE, I don't see it in Firefox.

    This .NET warning is appearing on both my localhost and the temporary development webserver I have put CuteSoft editor on (purely for testing purposes).

    Any ideas on what's going on?

    Thank you,
    Ben

  •  10-03-2005, 2:20 PM 11312 in reply to 11290

    Re: ValidateRequest=False "sort of" ignored

    Ben,
     
    You should Server.UrlEncode the passing parameter before sending it to the user.

    Please note that it's not a requirement of CuteEditor, it's a requirement of ASP.NET 1.1.


     
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  10-03-2005, 7:20 PM 11320 in reply to 11312

    Re: ValidateRequest=False "sort of" ignored

    Hello Adam,
     
    Thank you for your response.  I understand what you're saying, however I'm still having problems because I'm opening the webform using the "window.open" JavaScript function -- and I'm also using JavaScript's "escape()" function to encode the HTML I'm passing to the webform.  Here's what my JavaScript looks like:
     
    function BringUpEditWindow(vText, vID) {
      var url = 'edittext2.aspx?id=' + vID + '&text=' + escape(vText);
      window.open(url,"Test","width=800,height=300,resizable=yes,scrollbars=yes,location=yes,status=yes");
    }
     
    In the Address Bar of the popup webform, it shows the encoded text:
     
    %3Cfont%20size%3D%224%22%3Etest%3C/font%3E
     
    So it appears to be encoded, HOWEVER, I did notice that if I put a breakpoint in the codebehind file and view the contents of Request.QueryString("text"), the encoded HTML appears to be DEcoded -- even though I haven't explicitly decoded it.  I'm thinking this might be part of the problem.
     
    I'm going to play around with this some more, but if you have any suggestions, I'm all ears :)
     
    Thank you,
    Ben
  •  10-03-2005, 9:51 PM 11324 in reply to 11312

    Re: ValidateRequest=False "sort of" ignored

    Okay, to simplify things, what I've done is create a brand new .ASPX page with the CuteEditor control on it.  That is the only thing on the webform, and there is nothing in the codebehind.  I set validaterequest="false" in the page directive.  Here is the URL:
     
     
    If you go to the above URL in Internet Explorer, you should see a .NET warning inside the CuteEditor window for about one second (maybe half a second), then the warning disappears.

    If you remove the querystring, everything works fine.  However, for my needs, I need to pass some encoded HTML to the webform.
    Adam or anyone else using IE -- do you think you could give that a try and tell me what you see?
     
    Thanks very much for your patience!
    Ben
  •  10-05-2005, 10:52 PM 11466 in reply to 11324

    Re: ValidateRequest=False "sort of" ignored

    Adam --
     
    Have you had a chance to see how the CuteEditor control works in Internet Explorer at the URL in my previous message?
     
    I've tried removing the reference to CuteEditor - then adding it back, but am still seeing the same error message flash on the screen.  I'm beginning to think it's a CuteEditor problem since I don't get any .NET errors with another WYSIWYG editor I'm evaluating.
     
    I really hope we can find a resolution to this problem as quite a few of the people I work with are happy with CuteEditor, but will probably have to go with another editor if this error message keeps popping up (most of our customers are using Internet Explorer).
     
    Thank you,
    Ben
View as RSS news feed in XML