Bug Report B194042
Visible to All Users

Switch from 'Design' to 'HTML' or 'Preview' gives ... potentially dangerous Request.Form value was detected

created 14 years ago

Hi,
Getting following error:
A potentially dangerous Request.Form value was detected from the client (ctl00_Main_panelElementChoice_elementList_VI="<h2>Login Header</h2…").
When HTML editor is switched from design to HTML or preview tab.
This all worked fine with version 9.3 but now we have upgraded to 10.2 (NOTE NOT 10.3) we are getting the error describled. The page directive for the page concerned had validateRequest="false" and I have tried setting the same value for the entire application in Web.Config, but to no affect.
The HTML editor is used to edit the content of fields on other pages. Hence in the example error it has been given <h2>Login Header</h2>.
As stated please note that this worked with V9.3 and has only been an issue after upgrading to V10.2. We went to 10.2 as we want to use the new WPF Scheduler control and at the time V10.3 was not available.
Regards,
Richard.

Answers

created 14 years ago

Hi Gavin,
By default, potentially dangerous values are not submitted on the server side by ASP.NET. If any input element contains potentially dangerous values, the server-side operation execution will be stopped. It is possible to disable potentially dangerous values validation by setting the Page.ValidateRequest property to "false".
If you believe that your HTML content is safe, please send us a sample project for further examination. We will be glad to help you.
Thanks,
Alex

    Comments (2)

      Hi,
      Your response made us realise that if DevExpress was not to blame what else had changed significantly. That was easily answered as the other big change we had made was moving to .NET 4.0 from 3.5. A quick search found the solution. Need to add requestValidationMode="2.0".
      e.g.
      <system.web>
          <httpRuntime requestValidationMode="2.0" />
      </system.web>
      Problem now solved.
      Thanks for your help and hope this helps others!

      DevExpress Support Team 14 years ago

        Hello Gavin:
        We are glad to hear that the issue is solved. If you have other issues, related to our controls, please feel free to post corresponding reports. We will do our best to help you.
        Thanks
        Kate.

        Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

        Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.