Automatic disinfection of records in HttpRequestValidationException

Restless question "A potentially dangerous Request.Form value was detected from the client" :)

Here is my use case: I have an FCKEditor control on a web page that allows users to enter HTML. The exact web page is validated to allow its use, but there are links on my main page that can cause callbacks on other pages.

Obviously, I do not want to unnecessarily refuse to check on every page of my site, but I would like for me to be able to calmly deactivate the input (either by deleting the erroneous field from the request form or checking it).

I see that OnInit or ProcessRequest can be overridden on the page, but I would like to do this on the main page, if possible. (I'm not even sure I can recover from HttpRequestValidationException)

Any idea on how I can do this?

Edit: I played with Page_Error, which successfully catches the error, but I cannot find how to resume processing after I verified that the request was really legal.

+3
5 answers

Disable verification, because it checks at the incorrect stage in the process.

; . , , , . HTML- HttpUtility.HtmlEncode .

+5

, , Richard, ClearError, HttpRequestValidationException . - :

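    protected void Application_Error(object sender, EventArgs e) {
        // GetLastError() can return null; unwrap to the innermost exception.
        Exception last = Server.GetLastError();
        Exception ex = last == null ? null : last.GetBaseException();
        // Match on the exception type: the message text is localized and can change.
        if (ex is HttpRequestValidationException) {
            // Clear the error so the default error page is not shown.
            Server.ClearError();
        }
    }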

, Request.Url / Request.UrlReferer, , FCKEditor.

+1

(post) ()? , , , . , . CSS , , .

0

Edit: I played with Page_Error, which successfully catches the error, but I cannot find how to resume processing after I verified that the request was indeed right:

    protected void Page_Error(object sender, EventArgs e)
    {
        if (Server.GetLastError() is HttpRequestValidationException)
        {
            Server.ClearError();
            //CreateChildControls();
            base.OnPreInit(e); //yeah, ugly as hell
        }
    }

does not work

0

Source: https://habr.com/ru/post/1707670/

