I'm using WebDataGrid in v15.1.20151.1018.
When a user edits in the WDG and enters something with "<", for example: cost<price, it shows in the grid correctly, but when s/he clicks any button which triggers a postback, the page throws an exception:
Exception Type: System.Web.HttpRequestValidationException
Exception Message: A potentially dangerous Request.Form value was detected from the client (ctl00_cphContent_WDG_clientState="...lue":"cost<price","_commited":...").
Exception Source: System.Web
Target Site: ValidateString
Stack Trace: ---- Stack Trace ----
System.Web.HttpRequest.ValidateString(String valueString collectionKey, RequestValidationSource requestCollection) Unknown file: N 9694221
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collectionRequestValidationSource requestCollection) Unknown file: N 00184
System.Web.HttpRequest.get_Form() Unknown file: N 00055
System.Web.HttpRequest.get_HasForm() Unknown file: N 9695791
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) Unknown file: N 00095
System.Web.UI.Page.DeterminePostBackMode() Unknown file: N 00069
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPointBoolean includeStagesAfterAsyncPoint) Unknown file: N 06704
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPointBoolean includeStagesAfterAsyncPoint) Unknown file: N 00245
System.Web.UI.Page.ProcessRequest() Unknown file: N 00072
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) Unknown file: N 00021
System.Web.UI.Page.ProcessRequest(HttpContext context) Unknown file: N 00058
ASP.content_testing_aspx.ProcessRequest(HttpContext context) App_Web_ggc1pwr1.4.cs: line 0000, col 00,IL 0001
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() Unknown file: N 00341
System.Web.HttpApplication.ExecuteStep(IExecutionStep stepBoolean& completedSynchronously) Unknown file: N 00069
For security reasons, we are not allowed to set ValidateRequest to false.
Why doesn't WDG post the encoded string to the backend instead of the original symbol?
Is there any suggestion or workaround we could apply to get past this exception?
Thanks a lot.
Hi,
Thank you for using our forum.
You can set HtmlEncode to false for a specific column; however, that will not allow you to submit HTML to the server. By default ASP.NET validates every request (https://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception(v=vs.110).aspx), so validating should be disabled. It will be a good practice to validate the input for script injection.
Please let me know if I can provide any further assistance.
Hi Nadia,
Thanks for your reply.
I've tried setting ValidateRequest to false and everything seems to be going well, but we'd like to know, when we'd like to post something with "<" and ">" in a column set to HtmlEncode=false:
Is it that we can only set ValidateRequest to false?
And is there any paper that mentions how Infragistics handles the httpencode after postback?
Thanks a lot
You can just set ValidateRequest to false and editing will work fine.
There is no document about the htmlEncode property. When you want to show HTML as text, you have to set it to true; when you want to use HTML tags, you can set it to false.
You can see this forum post:
http://www.infragistics.com/community/forums/t/69850.aspx
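
One way to narrow the exemption instead of turning ValidateRequest off for the whole page, as an added example that is not code from the posters or from Infragistics: a custom System.Web.Util.RequestValidator that skips the built-in check only for the grid's client-state form field named in the exception above. The namespace and class name are hypothetical, and it assumes every cell value is treated as untrusted text and HTML-encoded wherever it is rendered.

```csharp
using System;
using System.Web;
using System.Web.Util;

namespace Example.Security   // hypothetical namespace
{
    // Register in web.config (assembly-qualify the type if it is not in App_Code):
    //   <httpRuntime requestValidationType="Example.Security.GridStateRequestValidator" />
    public class GridStateRequestValidator : RequestValidator
    {
        // Form key copied from the exception message in the thread; adjust to
        // the client ID of your own grid.
        private const string GridStateKey = "ctl00_cphContent_WDG_clientState";

        protected override bool IsValidRequestString(
            HttpContext context,
            string value,
            RequestValidationSource requestValidationSource,
            string collectionKey,
            out int validationFailureIndex)
        {
            bool isGridState =
                requestValidationSource == RequestValidationSource.Form &&
                string.Equals(collectionKey, GridStateKey, StringComparison.Ordinal);

            if (isGridState)
            {
                // Skip the built-in "<letter" check for this one field only, so
                // cell text such as cost<price no longer raises
                // HttpRequestValidationException. The value is still untrusted:
                // keep HtmlEncode enabled on the column and encode it again
                // (HttpUtility.HtmlEncode) anywhere else it is written to a page.
                validationFailureIndex = -1;
                return true;
            }

            // Every other form field, query string, cookie and header keeps
            // the default ASP.NET request validation.
            return base.IsValidRequestString(
                context, value, requestValidationSource,
                collectionKey, out validationFailureIndex);
        }
    }
}
```

With this validator registered, ValidateRequest can stay enabled on the page, and only the single grid field bypasses the default check.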