Quantcast
Channel: AjaxControlToolkit Work Item Rss Feed
Viewing all articles
Browse latest Browse all 4356

Edited Unassigned: HtmlEditorExtender causes request validation failure in chrome & opera [27744]

$
0
0
I'm using the HtmlEditorExtender control on an ASP.NET 4.0 website. In IE, Safari and Firefox the control works fine. But with Chrome and Opera the page generates this error:

```
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was detected from the client (ctl00$Body$MetricComment="<br>").
```

This error happens if there is __ANY__ html at all, but not on the initial form submission. It only happens when you go back to the same page and then resubmit the form with the HTML in it.

It did not fix the issue when enabling the HtmlAgilityPack sanitizer as shown on this page: http://stephenwalther.com/archive/2012/06/25/announcing-the-june-2012-release-of-the-ajax-control-toolkit

Interestingly when I switched from this control to a jQuery powered html editor the error began appearing on all browsers. This leads me to believe it is a Chrome/Opera bug with the way they are handling the HtmlEditorExtender control. However, I have my doubts that I will get anywhere quickly by posting a bug to them, especially since I'm not sure exactly what is different that is causing the issue.

I was wondering you guys knew of any workarounds for this issue? Even a good description of exactly what is going wrong could help me figure out something that might work.

Currently the only way I've gotten it to work with Chrome is to set RequestValidation="false" for the page but, of course, that is not ideal.

Possibly this is related to the javascript error that I'm receiving. I've logged it as a separate issue for clarity. https://ajaxcontroltoolkit.codeplex.com/workitem/27745

Viewing all articles
Browse latest Browse all 4356

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>