SpellCheck "A potentially dangerous Request.Form value was detected"

Last post 03-10-2014, 7:20 PM by SJochums. 4 replies.
Sort Posts: Previous Next
  •  10-09-2013, 3:13 PM 78085

    SpellCheck "A potentially dangerous Request.Form value was detected"

    Hello,

     

    I am implementing the Classic ASP version of the editor on our site. We have a custom dropdown that contains "tags" the user can enter into a document. The tag format is [^TAG_NAME^].

     

    When I use the spell check feature to verify the document, I get the following error...

     

    "A potentially dangerous Request.Form value was detected from the client (CurrentText="[^Tag1^]<br><br>And here's a..."

     

    When I  use this spell check feature on this post, I don't get the same error.

     

    How do I resolve this issue on my site?I searched the web and forums, but what I found didn't seem to resolve the issue. How do I resolve this issue on my site?

     

    Thanks,

    Chris 

  •  10-10-2013, 12:21 PM 78089 in reply to 78085

    Re: SpellCheck "A potentially dangerous Request.Form value was detected"

    Hi CTietgen,

     

    Please open file \cuteeditor_files\SpellCheck.aspx, ensure that property setting "ValidateRequest="False" has set for the first line below.

     

    <%@ Page Language="C#" ClassName="PopUpSpell" ValidateRequest="False" %>

     

    By the way, what .net framework  version application pool you are for your site? 2.0? 4.0?

     

    Regards,

     

    Ken 

  •  10-10-2013, 12:48 PM 78093 in reply to 78089

    Re: SpellCheck "A potentially dangerous Request.Form value was detected"

    ValidateRequest is indeed set to False. I found that suggestion when I googled for answers, but it didn't work, unfortunately.

     

    I checked with our IT staff and it turns out that the test server I was on was only running .NET Framework 1.1. They changed it to 2.0 and now the spell check works. Thank you!!

  •  03-10-2014, 2:07 PM 80045 in reply to 78089

    Re: SpellCheck "A potentially dangerous Request.Form value was detected"

    Hi,

    I'm having the same type of problem but with CuteEditor_for_NET6.  The Spell Checker with CustomCulture set to Spanish fails when it encounters that language's special characters (i.e.  inglés ).  As I don't have access to SpellCheck.aspx in the .NET release, is there some way this can be fixed?

    Stack trace:

     

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (CurrentText="...ba de ingl&#233;s alerta&lt;/d...").]

       System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8933716

       System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122

       System.Web.HttpRequest.get_Form() +150

       System.Web.HttpRequest.get_HasForm() +9111711

       System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97

       System.Web.UI.Page.DeterminePostBackMode() +69

       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431

       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253

       System.Web.UI.Page.ProcessRequest() +78

       System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21

       System.Web.UI.Page.ProcessRequest(HttpContext context) +49

       ASP.PopUpSpell.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\1019fd21\fa730f43\App_Web_zuffy3ph.0.cs:0

       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100

       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

  •  03-10-2014, 7:20 PM 80046 in reply to 80045

    Re: SpellCheck "A potentially dangerous Request.Form value was detected"

     I've solved the problem.

     

    There was an old pages tag in our web.config for 3.5.  Once that was removed spell checking was working as expected.

     

    Thanks! 

     
View as RSS news feed in XML