  • Spyros Spyriadis 46 posts 70 karma points
    Mar 04, 2012 @ 23:48
    Spyros Spyriadis
    0

    Umbraco v5 - A potentially dangerous Request.Form

     

    I am trying to post a form on umbraco v5 from one page to another and I keep getting the error below. I have checked that the web.config is correct.

    Doing a Google search, I found that this is a problem of MVC and it cannot be configured from the web.config, and the only thing that can be done is this: http://coderjournal.com/2009/02/potentially-dangerous-requestform-detected-aspnet-mvc/

    Any ideas how I could overcome this problem?

    A potentially dangerous Request.Form value was detected from the client (data="<input>").

    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (data="<input>").

     

  • Spyros Spyriadis 46 posts 70 karma points
    Mar 05, 2012 @ 18:24
    Spyros Spyriadis
    0

    Is there any way to add this for a template?  It is required by MVC to bypass the validation of a form post...

    [Post, ValidateInput(false)]
    public ActionResult Edit(string message) {
        ...
    }
  • Jorge Lusar 150 posts 489 karma points
    Mar 05, 2012 @ 19:21
    Jorge Lusar
    0

    Hi Spyros,

    Are you using a SurfaceController?

    I have done an example in https://bitbucket.org/jorgelusar/ubootstrap-for-umbraco-v5/src/484158cc04c5/src/Logic/Controllers/ContactFormSurfaceController.cs line 22 where HttpPost and ValidateAntiforgeryToken attributes are used. I have not tried ValidateInput(false) but I think it should work too.

    Cheers,

    J

  • Spyros Spyriadis 46 posts 70 karma points
    Mar 06, 2012 @ 09:13
    Spyros Spyriadis
    0

    OK, let's say I create a SurfaceController: how would I call this directly from ajax (jQuery)? Is there any path (URL) that I can use afterwards? Or should I create a Template just to create a URL?

  • Jorge Lusar 150 posts 489 karma points
    Mar 06, 2012 @ 10:39
    Jorge Lusar
    0

    Hi Spyros,

    There is a working example on http://bsv5.jlusar.es/contact. As you can see in the view-source:http://bsv5.jlusar.es/contact, you should post to the same page, i.e.:

    <form action="/contact" class="form-horizontal" method="post">

    As you can see on https://bitbucket.org/jorgelusar/ubootstrap-for-umbraco-v5/src/484158cc04c5/src/Logic/Views/Partial/ContactForm.cshtml, this form tag and its path are created by:

    using (Html.BeginUmbracoForm("HandleContactFormSubmit", new Guid("482F41F2-4F36-11E1-86E5-6A054824019B"), null, new Dictionary<string, object> { { "class", "form-horizontal" } }))

    You should also take into account that a simple ajax post won't work in this example because I'm using the antiforgery token, so please have a look at http://stackoverflow.com/questions/4074199/jquery-ajax-calls-and-the-html-antiforgerytoken to do so, or simply remove the antiforgerytoken if you don't need it.

    Cheers,

    J
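
A narrower alternative to putting ValidateInput(false) on the whole action, as discussed in this thread. This is an added example, not code from any poster or from Umbraco. It assumes ASP.NET MVC 3 or later, where [AllowHtml] is available. MessageModel, MessageController and the field names are hypothetical, and a plain MVC Controller stands in for a SurfaceController.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web;
using System.Web.Mvc;

// Hypothetical model: only Message may carry markup. Every other field
// is still checked by ASP.NET request validation.
public class MessageModel
{
    [Required, StringLength(100)]
    public string Subject { get; set; }

    [AllowHtml]                        // per-property opt-out (MVC 3+)
    [Required, StringLength(4000)]
    public string Message { get; set; }
}

// Assumption: a plain MVC controller is used for illustration.
public class MessageController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]         // pairs with @Html.AntiForgeryToken() in the form
    public ActionResult Edit(MessageModel model)
    {
        // Data-annotation checks (required, length) run during model binding.
        if (!ModelState.IsValid)
        {
            return new HttpStatusCodeResult(400, "Invalid input");
        }

        // Message skipped request validation, so the application handles it
        // explicitly: encode on output so "<input>" renders as text.
        string safeSubject = HttpUtility.HtmlEncode(model.Subject);
        string safeMessage = HttpUtility.HtmlEncode(model.Message);

        return Content("<h2>" + safeSubject + "</h2><p>" + safeMessage + "</p>", "text/html");
    }
}
```

With this shape, a post containing `<input>` in Message is accepted, while the same markup in Subject still raises HttpRequestValidationException.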

     
