TinyMCE Editor: A potentially dangerous Request.Form value was detected from the client

7
votes

I have aspx in that I am calling a ascx user control in that i am using tinymce editor. When I am trying to save data i am getting the error..

A potentially dangerous Request.Form value was detected from the client (UserControl1$TextBox1="

fgh

fghj

I already check A potentially dangerous Request.Form value was detected from the client

I tried:

web.config I set

<pages validateRequest="false">
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
<compilation debug="true" targetFramework="4.0">
<@page validateRequest="false">
Server.HtmlEncode(TextBox1.Text)
encoding: "xml" // This is solving the prob. but Text is converting in HTML tag I don't want that

Please someone help me...

3
c#asp.net

3 Answers

3
votes

Add this to httpRuntime

< httpRuntime requestValidationMode="2.0"  />
3
votes

You can also try adding the encoding attribute : encoding: 'xml' 

<script>
    tinymce.init({
    selector: 'textarea',
    encoding: 'xml' 
}); 
</script>

You can check this link, it says :

encoding: “xml”

– solves “A potentially dangerous Request.Form value was detected”, which won’t allow you to submit the Web Form

0
votes

Any reason why you can't encode the string and store in your database and then just before displaying the encoded string you can simply decode it ?