My engine is Aspx.
How can I decode/encode the HTML tags that are in my text box?
I have the html tag
to make it more readable.
I tried the ValidationRequest and the htmlDecode(freqQuestion.Answer) but no luck.
I just keep getting the same message.
Server Error in '/Administrator' Application.
A potentially dangerous Request.Form value was detected from the client (QuestionAnswer="...ics Phone:
123-456-7890
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: . After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
View Page
<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" validateRequest="false" Inherits="System.Web.Mvc.ViewPage<dynamic>" %>
<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
    EditFreqQuestionsUser
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
    <script type="text/javascript">
        $(document).ready(function () {
            $("#freqQuestionsUserUpdateButton").click(function () {
                $("#updateFreqQuestionsUser").submit();
            });
        });
    </script>
    <h2>Edit Freq Questions User </h2>
    <%Administrator.DarkstarAdminProductionServices.FreqQuestionsUser freqQuestionsUser = ViewBag.freqQuestionsUser != null ? ViewBag.freqQuestionsUser : new Administrator.DarkstarAdminProductionServices.FreqQuestionsUser(); %>
    <%List<string> UserRoleList = Session["UserRoles"] != null ? (List<string>)Session["UserRoles"] : new List<string>(); %>
    <form id="updateFreqQuestionsUser" action="<%=Url.Action("SaveFreqQuestionsUser","Prod")%>" method="post">
        <table>
            <tr>
                <td colspan="3" class="tableHeader">Freq Questions User Details <input type ="hidden" value="<%=freqQuestionsUser.freqQuestionsUserId%>" name="freqQuestionsUserId"/> </td>
            </tr>
            <tr>
                <td colspan="2" class="label">Question Description:</td>
                <td class="content">
                    <input type="text" maxlength="2000" name="QuestionDescription" value="<%=freqQuestionsUser.questionDescription%>" />
                </td>
            </tr>
            <tr>
                <td colspan="2" class="label">QuestionAnswer:</td>
                <td class="content">
                    <input type="text" maxlength="2000" name="QuestionAnswer" value="<%=Server.HtmlDecode(freqQuestionsUser.questionAnswer)%>" />
                </td>
            </tr>
            <tr>
                <td colspan="3" class="tableFooter">
                    <br />
                    <a id="freqQuestionsUserUpdateButton" href="#" class="regularButton">Save</a>
                    <a href="javascript:history.back()" class="regularButton">Cancel</a>
                </td>
            </tr>
        </table>
    </form>
</asp:Content>
Controller
[AuthorizeAttribute(AdminRoles = "EditFreqQuestionsUser")]
public ActionResult SaveFreqQuestionsUser(string QuestionDescription, string QuestionAnswer)
{
    Guid freqQuestionsUserId = Request.Form["freqQuestionsUserId"] != null ? new Guid(Request.Form["freqQuestionsUserId"]) : Guid.Empty;
    //load agreement eula ref
    AdminProductionServices.FreqQuestionsUser freqqQuestionsUser = Administrator.Models.AdminProduction.FreqQuestionsUser.LoadFreqQuestionsUser(freqQuestionsUserId, string.Empty, string.Empty)[0];
    freqqQuestionsUser.questionDescription = QuestionDescription;
    freqqQuestionsUser.questionAnswer = QuestionAnswer;
    //save it
    Administrator.Models.AdminProduction.FreqQuestionsUser.addFreqQuestionsUser(freqqQuestionsUser);
    return RedirectToAction("SearchFreqQuestionsUser", "Prod", new { FreqQuestionsUserId = freqQuestionsUserId });
}
<td colspan="2" class="label">Question Description:</td>
should be <td colspan="2" class="label"><label for="QuestionDescription">Question Description:</label></td>
and <input type="text" maxlength="2000" name="QuestionDescription" value="<%=freqQuestionsUser.questionDescription%>" />
should be <input type="text" maxlength="2000" name="QuestionDescription" value="<%=freqQuestionsUser.questionDescription%>" id="QuestionDescription" />.
In conclusion, I added <label for="QuestionDescription">Question Description</label>
and I added the id="QuestionDescription"
to the input. – David Bélanger
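
The view in the question writes the stored answer into a value="..." attribute through Server.HtmlDecode. As an added example (not the asker's code), this standalone C# program compares that with encoding on output; the class, helper names and sample strings are constructed for illustration, and System.Net.WebUtility stands in for Server.HtmlEncode/HtmlDecode.

```csharp
using System;
using System.Linq;
using System.Net;

// Added example, not the asker's code. Names and sample values are constructed.
static class AnswerFieldDemo
{
    const string Template = "<input type=\"text\" name=\"QuestionAnswer\" value=\"{0}\" />";

    // What the view in the question does: HtmlDecode turns entities back into
    // raw characters, so a quote in the data ends the value attribute early.
    public static string RenderDecoded(string stored) =>
        string.Format(Template, WebUtility.HtmlDecode(stored));

    // Encode on output: the text box still shows the original characters and
    // posts them back unchanged, but they cannot close the attribute.
    public static string RenderEncoded(string stored) =>
        string.Format(Template, WebUtility.HtmlEncode(stored));

    // The template contributes exactly six double quotes; any more came from data.
    public static bool AttributeIntact(string rendered) =>
        rendered.Count(c => c == '"') == 6;

    static void Main()
    {
        // Constructed samples modelled on the answer text in the question.
        string[] samples =
        {
            "Phone:<br/>123-456-7890",
            "Ask for \"support\"<br/>123-456-7890"   // contains a double quote
        };
        foreach (string stored in samples)
        {
            string decoded = RenderDecoded(stored);
            string encoded = RenderEncoded(stored);
            Console.WriteLine(decoded);
            Console.WriteLine("  decoded, attribute intact: " + AttributeIntact(decoded));
            Console.WriteLine(encoded);
            Console.WriteLine("  encoded, attribute intact: " + AttributeIntact(encoded));
            // The browser decodes entities in the attribute before posting the
            // form, so the controller receives the stored text again.
            bool roundTrip = WebUtility.HtmlDecode(WebUtility.HtmlEncode(stored)) == stored;
            Console.WriteLine("  round trip preserved: " + roundTrip);
        }
    }
}
```

In the view, `<%: freqQuestionsUser.questionAnswer %>` applies the same HTML encoding as RenderEncoded. If request validation is switched off for this field (the error text describes how; in MVC `[ValidateInput(false)]` on the action is the usual switch), output encoding is the check that remains.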