MVC :: Validation Of XML Content - Error "disabling Request Validation The Only Way To Get The Post To Work"
Sep 30, 2010
Is there a way to disable request validation on an action without having to add the line <httpRuntime requestValidationMode="2.0"/> to Web.config? I'm currently posting XML to a controller action and get the "A potentially dangerous Request.Form value..." error. Is disabling request validation the only way to get the post to work, or is there some way I can intercept and encode the value that contains XML between the view and the controller action?
I am testing my web site to allow people to navegate despite having the javascript feature disabled but the asp validation control dont work in this mode.
I am working with master pages and I have the the text box I want to validate inside a panel to enable my nextbutton to work like enter like this:
jQuery validation is working fine on my machine, when i pushed it to test server it won't it's throwing some errors which is kind of surprising.These are the errors I am getting: $.validator is null or not an object...I've never gotten this error before and it throwing an error when I declared a variable like var isValid.I don't know what to do. I am doing the custom validation methods not in the document.ready(). Does this cause this error? I wonder because all jquery validations are passing and hitting the server side validations.
I got a view that uses the ajax.beginform tag.This works great but if I want to do some validation to the data and then return a error message to the page it doesnt work for me.Here my code :
Does any one know how to disable a Html.TextBoxFor HtmlHelper from showing an error via class="input-validation-error", I would like the handle error only via Html.ValidateFor not from the TextBoxFor.
I am using one datalist control for uploading multiple images.I hv used one Asp:FileUplaod Control and one button in one itemtemplate.I am using reqired field validator and regular expression validator for file upload cntrl I am assigning validation group for both of them on ItemDataBound event of my datalist so that each upload cntrl hv same validaton group as required field and regular expression validator.Now what i want to do is - i want to show my error message in validation summary which is right at the top of the page.I want one know how to write javascript that will assign validation group of my control in datalist on which i click ?
I have very simple validation on the aspx page (highlighting not valid textbox), and it works perfectly. But when I try to work with this page using MasterPage, I've got an error - "Object reference not set to an instance of an object." (with reference to the line "aControl.BackColor=Drawing.Color.White" - underlined).
how I can enable or disable asp.net validation controls using jQuery from client side. It is required to do so that valdiations can be done on button press.
I have a search control in my master page with the following validation on the search btn's OnClientClick:
[Code]....
Then in the content page I have various controls with validation and a validation summary. I have few custom validators on the content page like below:
[Code]....
which uses the clientvalidationsfunctions which set the validity of the page.Now when I leave the search box in the header blank and I click the submit btn in the content page it posts me back to same (source) page and while debugging I find that the Page.IsValid is false. But if I write something in the search textbox in the master page and the fill the required fields in the content page and click the submit btn in content page it works fine. Why is that so? My validation groups are different on master page and content page.
For the release of Microsoft MVC 2.0 RC2, can someone go into further detail on the following BUG/FIX: You can now programmatically disable client validation for a submit button (an input elements whose type attribute is set to "submit") even if the button does not have its name attribute set, whereas before it required the name attribute.Does this apply to the HTML Helper Submit Button or the input submit button? How would I disable client validation for a submit button? I tried using the htmlAttribute causesvalidation="false" on a HTML Helper Submit button and it did not work.
I have a GridView and I need update some data inserting HTML CODE; I would need this data been stored encoded and decoded on request.
I cannot in any way disable globally "Request Validation" and not even at Page Level, so I would need a solution to disable "Request Validation" at Control Level.
At the moment I am using a script which should Html.Encode every value being update, butt seems that "Request Validation" start its job before event RowUpdating, so I get the Error "Page A potentially dangerous Request.Form ... ".
When I fire a get request to a view in my application for some reason my model validation messages are displaying immediately on the page even before a form submit.
I read that I need to turn the validation to version of 2.0 to make the validateRequest="false" attribute working. Well, but how to allow requests containing html in 4.0? How can I keep the 4.0 validation scheme and allow such request to come in, say for particular web page?
I don't understand why I should lower the security of other requests like web services . So what's the 4.0 way of doing that, really?
I have always been able to turn off request validation on IIS and cassini when I need to post HTML from an HTML Editor. Problem is I can't seem to do so on IIS express. Have tried the following:
I created a little web service to minify JavaScript, and everything was nice, with all my tests passing. Then I noticed a bug: if I tried to minify alert('<script>');, it would throw a HttpRequestValidationException.
So that's easy enough to fix. I'll just add [AllowHtml] to my controller. But what would be a good way to unit test that this doesn't happen in the future?
The following was my first thought:
[TestMethod] public void Minify_DoesntChokeOnHtml() { try { using (var controller = ServiceLocator.Current.GetInstance<MinifyController>()) { return controller.Minify("alert('<script></script>');"); } } catch (HttpRequestValidationException) { Assert.Fail("Request validation prevented HTML from existing inside the JavaScript."); } }
However, this doesn't work since I am just getting a controller instance and running methods on it, instead of firing up the whole ASP.NET pipeline.
What would be a good unit test for this? Maybe reflector on the controller method to see if the [AllowHtml] attribute is present? That seems very structural, and unlikely to survive a refactoring; something functional might make more sense.
When a user presses Button1 on the Webpage, I would like to copy slightly modified string from txt1 (Text) into txt2 (Text). The problem is sometimes I get an error "a potentially dangerous request.form value was detected from the client validaterequest". I get this error when special symbols llike "<" or ">" are in txt1.Text.I've read about that problem. That error is to prevent from hackers who can input scripts into the txt1.All I did is:
1) Put validateRequest="false" into <%@ Page Language="VB" validateRequest="false" at Default.aspx.
Now it works and allows to take any data from txt1, slightly modify it and put into txt2.So, my question is: Did a level of security was reduced after I wrote validateRequest="false" ? Any code should be added to keep the good level of security? Or, I'd better use another way to copy txt1 to txt2?
I have orders page. When user submit Order, I need to disable the button to avoid multiple transactions. I also have few validation controls on the page, so button should not be disabled untill page is about to be posted. I dont have any custom javascript for validation. It is just these asp.net validation controls. What is the best way to achieve that? I have spend about 2 hours on google and found various solutions, but nothing seems to work. Each has some issue. On button I add OnClientClick="return btnOnClick this, 'Payment');" Below is what gets called. Unfortunately if I disable button, it cancels post back. So I am calling dopostback and also adding few lines on server side to see which button caused postback. It works fine in IE8 and Chrome. But for Firefox on server side arg comes null. Any ideas what is wrong with my code? Or any other suggestions to do it in a better way?
C# Server side string arg = this.Request.Params.Get("__EVENTTARGET"); if (arg == "Payment") { this.ProcessPayment(); } Button <asp:Button ID="btnSubmitPO" OnClientClick="return btnOnClick(this, 'Payment');" runat="server" Text="Submit Order" ValidationGroup="G" /> alert(group);
I have been playing with mvc for a few months now and one of the best things I thought was when there is validation errors the UPDATEMODEL method in controller is smart enough to automatically add errors to model state and return the view back to the input page with data entered and error message. Here is where I got a question - how does the controller put back the data that I entered initally? I looked for model, request and response object and none of them have the (invalid) data I entered. Here is an example of my general coding that I do:
I have a form that I have been getting submissions that have punctuation and special characters that trigger the potentially dangerous Request.Form value error. I have been trying use the httpUtility.htmlencode and Server.htmlencode method to sanitize textboxes and textareas.All my tests do not fire because the built-in request validation of the 4.0 framework prevents the code-behind from executing to perform the sanitization. I have included the ValidateRequest in the page header but no matter what I set it too it still does the same thing.
I'm attempting to write a unit tests for an ASP.NET MVC 2 post action that takes a view model as its sole parameter. The view model is decorated with validation attributes such as [Required]. I'd like to test two scenarios. The first scenario is when a valid set of data is passed in (ie, all required properties have values) and a redirect to the list page is returned. The second scenario involves passing in invalid data (eg, when one or more of the Required properties are not set). In this case the same view is returned with error messages.The action signature is as follows:
[HttpPost] public virtual ActionResult Create(NewsViewModel model)
The NewsViewModel class is as follows:
public class NewsViewModel { public Guid Id { get; set; }
