Security :: Displaying Html Received Via Post?
May 17, 2010
I created a page that receives an html report from post data. This html is split up into pages and displayed in divs (as well as used to create a .pdf file but I don't think that is a security risk if the displaying it isnt a risk).
My concern is that I had to set ValidateRequest="false" in order to be able to do this. If the page somehow received malicious input with a serverside script or something, would the script run / could this be dangerous?
This is how I'm handling the request: I have a div with runat="server." Then, in the page_load event (i'm using vb.net codebehind) i set the div.innerHTML property to a modified version of the html received via post.
View 2 Replies
Similar Messages:
May 11, 2010
I need to allow the outsite users to login to my CMS through HTTP Post method.
My question is:
How shall I respond to the received requests and what I will return?
View 5 Replies
Nov 16, 2010
I am posting back to the server to check the DB to see if we hold a reference number. If the reference number does not exist I set two custom validators to invalid and change the ValidationSummary header text. The problem is that the background colour I set in the css class does not display. The font colour does display correctly.
When the validation summary is displayed using client side script the styles are displayed correctly. i am not sure why they dont when there is a post back.
css
.form-box .form-error-box {
background: #cd3300 url("../../../images/alert.gif") no-repeat 10px 10px;
color: #ffffff;
font-weight:bold;
padding:10px;
padding-left: 80px;
min-height:55px;
}
code
<asp:validationsummary id="vSummary" cssclass="form-error-box" displaymode="BulletList" headertext="An error has occured" runat="server" backcolor="" forecolor="" />
This works in Firefox and IE 8 on post but not IE 6. Unfortunatly I have to support IE 6
View 1 Replies
Jan 18, 2011
I have a modal popup that i use to play a video, works great.. but once you close the popup if for any reason you hit the enter key or refresh the page at a later time, it causes the popup to open again. There are 3 buttons within the page that can call this popup, so where within my code behind would i add logic to prevent it from popping up unless you click one of those 3 buttons..
View 2 Replies
Jan 3, 2011
I need some help to finish of my PayPal page.
I am using Visual Basic in ASP.NET. I have been able to send items to PayPal, complete the transaction and then come back to my site. I have the been able to send and receive the token & auth code, and also the Payers details. (See code Below)
What I need help with is displaying the items that have been bought. If the user buys only one product then that is fine as I can just hard code for one item. BUT I want users to buy more than one item and displaying it has caused a problem.
I know that PayPal sends all the data back for the items, with the result being item_namex, quantityx, mc_gross_x. Where x is the item number.
This is where I have the problem. Do I hard code for item_name1,2,3,4,5...... 100 (which is alot of code) or is there a better, easier way to extract ALL items and display in a simple table.
At the bottom of my code you will see my first attempt at the table (highlighted by ****************)
[Code]....
View 9 Replies
Feb 25, 2010
In the page load evertything is working fine. Iam using Updatepanel in my page .Images are not displaying with post back i am using telerick grid and jquery in my page. how to get images on postback
View 4 Replies
Mar 29, 2010
I have a View that has a select drop-down list and an edit button within a form. What I want to do is have the user select one of the options from the select element, click on the edit button, and get the value of the selected option in the Controller method.
I created my form with <% Html.BeginForm(): %>
and the Controller "Edit" method should be called.
I looked through several online examples, but each one focused on how to set values and the default selected value of the select element, rather than retrieving it from the code in the Controller method. I tried grabbing it from the Request.Form collection like:
string val = Request.Form["myDropDownList"].ToString();
and also:
string val = Request.Form["myDropDownList"];
Obviously I didn't do this correctly, because I get a null reference exception. Does anyone have the solution to this issue?
View 10 Replies
Aug 30, 2010
I am trying to go to a view with a speicifed batchId parameter wrapped in a ViewModel, pick a file to upload, get the uploaded file back and store the file data w/ the associated BatchId value in a database.When the form is submitted I don't know how to get back the viewmodel and the PostedFileBase so that I can get the BatchId value.I need the batchId value to associate it with the data I am storing in the database.I have the following Action Method in my Controller to allow adding new customers to the specified batch by means of a file upload and import:
public ActionResult AddCustomers(int batchId)
{
var viewModel = new AddCustomersViewModel() { BatchId = batchId, //other view
[code]...
View 1 Replies
Sep 21, 2010
After rendering a view on a Post, a call to RenderAction inside the view will call for the Post method. Is there any way to specify I want to call the Get method instead of the Post?
View 1 Replies
Jan 5, 2011
I'm showing a small table with a list of usernames, and I want an ActionLink next to each username to Edit the user on another page.
[code]...
The usernames display correctly, just the link doesn't show up. I'm not sure why it wouldn't throw an error instead.What am I missing here?
View 2 Replies
Apr 15, 2010
For some reason I can't get an ajax post action to work if the text inside an textarea contains HTML. In the text area I am entering <h1>test</h1>, when I do that, I can click on the Save button all day if I want, nothing happens. Not sure whats causing this, but it also appears to do it if I don't use the ajax form and just a standard html form.
Here is the code for the controller:
[Code]....
Here is the code for AjaxForm:
[Code]....
And here is how I am putting the control on the form:
[Code]....
View 2 Replies
Mar 18, 2011
i am really confuse about the html dropdown helper. i cant reli find one info which describe clearly about every overload and how to use them.currently i gone through a problem which i spent one day and still cant resolve it, really hope can get the help here since i need to make tis work for my final year project..i have a food table, and a foodtype table. each food will have a type, so the FoodTypeID is the FK for Food table.i want to have a create and edit page for Food. on the page, i want to provide a dropdownlist for user to select the food typethe FoodTypeName column that store the food type description is at the FoodType table, so i need to get the value of FoodTypeID based on user selection on the dropdown.I had tried for hourssss to do this bt i either get a compilation or cant save the new foodType selected in db
[Code]....
in fact, i not reli understand wat should be put inside the model => xxx and the dropdown helper overload, i am writing this based on the mvc tutorial
View 12 Replies
Feb 11, 2011
I am writing a content management system using JQuery.ajax & C#. The JQuery calls an httpHandler and POSTS the html from an html editor JQuery plugin.
I get an error in the handler about unsafe content (html basically) but I dont want turn off validation for the whole page, just the handler (the handler is part of a web control not the page).
So, is it possible to turn the validation off just for one handler? Or do I need to encode the html on the client?
In the end I went for the encoding on the client at Javascript/JQuery HTML Encoding
View 2 Replies
Mar 9, 2010
I've been asked to create a page which will provide identical information from another page. The key thing is, from my understanding, that it is not data driven it's from a txt file wich is updated. This info will need to be reflected on the page I'm going to create. how to "pull" or get the information w/o the help of database?
View 13 Replies
Aug 28, 2010
well the question is simple but i searched all over, found crystal reports found many tools
but the problem is
i cannot use an other tools, or libraries other then the default with vs08 sp1
i cannot use crystal reports, as its datasource is dataset or xml none of which is there
my page on users click of button generates a html table and info within using c# code behind (i.e. at runtime) so how to write this stream to browser such that it becomes a valid pdf file?
View 4 Replies
Dec 28, 2010
I have a form with several textarea elements. User enters data and submits the form. On the next page it shows submitted text as static text - in p tags. Obviously New Line and multiple paces get ignored and everything just shows in one line. I can do some preprocessing like replacing New line characters with "br/" and spaces with . but I was wondering if there is a standard solution to that either on server side (C#) or client side (javascript)
View 3 Replies
Feb 20, 2012
I have to display some HTML from our system and do by using
DivOutline.InnerHtml = outlinetext;
where outlinetext is a string of HTML
However the string contains code as below
"<!--[if !supportLists]-->"
which for some reason also gets displayed.
I think it could be because the actual string is
("<!--[
but even when I try
outlinetext.Replace("<", "<");
the text does not seem to get replaced
How to make the comments not display or why the string.replace function cannot pict out "<" when I can see it is definately in the string?
View 2 Replies
Jul 22, 2010
I've been asked to take over a project that's filled with a bunch of bugs. It's currently using MVC 1.0 and there's a view with Html Helper Data Grid that uses a DataGridHelper class. I'm not that familiar with all of MVC yet, and I was wondering if it is possible to have the sorting of the columns be a POST event rather than a GET.
Currently when a user clicks a column to sort, the controller for the view calls the GET action method. This I guess is all fine and good, but the problem is that this view has a search form (which is a model in it's own right) with some text boxes and some drop down lists. When the GET action method is called, I lose all of the information in the search criteria. So when ever someone searches for something, but then wants to sort the results, it requries the db for all records (because all of the search criteria is cleared).
I guess there could be two solutions:
1) Is there a way to access the items in the search form / model in the GET portion of the action method? I've tried using ViewData or adding a parameter for the search form model, but (and maybe I'm doing it wrong) both return null.
2) Is there a way to make the sorting event of a column call the POST portion of the action method? That way I'll have the search form / model information and be able to sort the search result content instead of query for all records.
Also, there is a stored procedure that currently can handel all of possible search parameters. So, no matter what sort column is selected, or search parameters are entered, it can properly setup the sql query.
View 6 Replies
Sep 24, 2010
After upgrading our project to the .net 4.0 framework (from 3.5), we facing some problems with ajax calls with html in the parameters. As soon as the user enters some html in a text area the ajax call isn't executed anymore. If the user enters plain text only, there is no problem.
[code]...
View 2 Replies
Oct 15, 2010
I am creating Fan page and application for Post something in Fan page wall from ASp.net page. But Text get post Nicely. But Images and attachments not get post in my wall. Is ther any way to Pass HTML code from asp.net to post in my Facebook Fans page Wall.
View 2 Replies
Dec 13, 2010
I am trying to create a static HTML page which has a <form> which posts to a 3rd-party ASP.NET website.
Is this possible when the target website uses ASP.NET webforms?
View 2 Replies
Oct 29, 2010
i have html page for example like this..
[Code]....
how do i get all content in string area "content" and pass to server ..
The value that pass to server should be like this :
area = "<div><h2>bla bla bla</h2><p>bla bla bla <br /> </p></div> <br /> <br /> ";
View 2 Replies
Nov 30, 2010
string url = "~/sales/saleimage/RedErrorImage.png";
StringBuilder b = new StringBuilder();
b.Append("<img src=");
b.Append(url);
b.Append("alt='No Image Available' width='350px' height='200px' >");
Image not Displaying where m i wrong
View 11 Replies
Feb 6, 2011
I need to display html text (terms & conditions) on a page. This text comes from an external html file. The reason for this is so the text can be changed as and when needed in the external html file and web page would display the up to date text. Also html will also handle text formatting.
So my question is how can I import html text from an external file and display on a web page?
View 2 Replies
Sep 29, 2010
I have a test app with a form view.I cannot get the view to display correctly instead of displaying a series to text boxes it displays quoted html.I suspect that my problem is related to my VB syntax for my Linq The C# equivilant works but my shop uses VB so I must convert the code.Here is the code from the view:
[Code]....
View 2 Replies
