9
votes

I have a WYSIWYG editor embedded on a user control that obviously goes into a web page. When I submit the page, I am getting the "A potentially dangerous Request.Form value was detected from the client" exception. In previous versions of .NET, I would just turn off ValidateRequest for the page.

However, in .NET 4.5, it seems to have a property of ValidateRequestMode. When I set this to disabled, I still continue to get the error. There isn't much out there yet regarding .NET 4.5 errors so does anyone know the solution?

Thanks in advance.

2
As an alternative you could use javascript to encode the the content of your wyswing editor before submitting to server. That way you don't need to disable validation.m0s
I'm using the newest TinyMCE editor (version 3.5.6) and it has a built in option for encoding the content, which I am already using. So this should encode it. But I'm still getting the error.Ricketts

2 Answers

15
votes

I found the issue. It had to do with the TinyMCE editor needing to have the content encoded prior to the code behind trying to read and post it. The solution was to encode via javascript as m0s suggested. TinyMCE has a built-in option you can set

encoding: "xml"

Which I had set but it doesn't encode apostrophes, which I had in the content. So in order to fix it, you have to add this to the TinyMCE init function on the page:

TinyMCE 3.x

setup: function (ed) {
    ed.onSaveContent.add(function (i, o) {
        o.content = o.content.replace(/&#39/g, "&apos");
    });
}

TinyMCE 4.x

setup: function(editor) {
    editor.on("SaveContent", function(i) {
        i.content = i.content.replace(/&#39/g, "&apos");
    });
}

I found the solution here: http://blog.tentaclesoftware.com/archive/2012/05/21/asp-net-4-0-tinymce-and-ldquoa-potentially-dangerous-request.aspx

Hope that helps someone!

1
votes

I solved this by adding [AllowHtml] before content property public virtual string content{ get; set; }.