Ticket Q262276
Visible to All Users
Duplicate

We have closed this ticket because another page addresses its subject:

ASPxUploadControl - not working on a page that has a masterpage

A potentially dangerous Request.Form value was detected from the client

created 15 years ago

I'm demoing the ASPxHTML Edit component and I've come across an Issue.
I've created a test table with 2 fields and I'm trying to save the html to an NVARCHAR(MAX) field. If I hardcode html directly into the component, it saves perfectly. If I edit the html in the control and then try and save it, it does not reflect the changes I've made. I have included the test project I was using.
Am I doing something wrong, or is this a problem with the component?
I also get the following exception after a few minutes of running the site and trying to switch between design, html and preview windows:
"A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtTestText"
Also, If I place more than one component on the page, the site has trouble displaying.

Show previous comments (1)
DevExpress Support Team 15 years ago

    Hello Shane,
    Our developers have examined your code and found out that you don't set the form.id property on the master page. By design, as there are several forms on a page, our script functions get a reference to an element stored inside the form by using its id. It's impossible to find controls if the form's id is not set, and an exception is thrown.
    Therefore, to overcome your issue, please set the form id in the Site.master:

    HTML
    <form runat="server" id="form1">

    Thanks,
    Marion

      Brilliant! Adding in the ID on the form worked 100% as far as getting the control html to save to the database. That masterpage is a default masterpage that was generated when I created a new ASP.NET webApplication.
      I still however get the following error when I attampt to save a second time or switch between design/html/preview mode of the ASPxHTML Editor control
      A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtTestText="<strong>Hello <span …").
      I've included a screen shot of the error.

      DevExpress Support Team 15 years ago

        Hello Shane,
        I see that you try to insert html code in the ASPxHtmlEditor. This is a known issue related to ASP.NET features. You can check it by replacing our control with standard textarea. If you need to pass html markup on the server side, please switch off the validateRequest in the web.config. To learn more please see:
        A potentially dangerous Request.Form value was detected from the client: ASPxComboBox Text with <tag>, integer value
        "A potentially dangerous Request.Form value was detected from the client" - Problems submitting texts with accented characters
        How To: Prevent Cross-Site Scripting in ASP.NET
        A potentially dangerous Request.Form value was detected from the client
        Thanks,
        Marion

        Disclaimer: The information provided on DevExpress.com and affiliated web properties (including the DevExpress Support Center) is provided "as is" without warranty of any kind. Developer Express Inc disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.

        Confidential Information: Developer Express Inc does not wish to receive, will not act to procure, nor will it solicit, confidential or proprietary materials and information from you through the DevExpress Support Center or its web properties. Any and all materials or information divulged during chats, email communications, online discussions, Support Center tickets, or made available to Developer Express Inc in any manner will be deemed NOT to be confidential by Developer Express Inc. Please refer to the DevExpress.com Website Terms of Use for more information in this regard.