tags:

views:

31

answers:

1
Q: 

How to send html content through ajax request?

I have a form with a textarea (tinymce) for input content. When I perform an ajax request, I got the error:

A potentially dangerous Request.Form value was detected from the client

Then I've tried something like

html.encodeURIComponent() or escape() but the error is still here

HTML:

<form id="editForm" action="" method="post">
  <input type="text" id="title" name="title" />
  <textarea id="content" name="content"></textarea>
  <input type="button" id="submit" onclick="Submit();" />
</form>

Script (I use jQuery)

function Submit(){
 $.ajax({                
  url: 'ajax.aspx?type=addcontent&' + $('#editForm').serialize() + '&rnd=' + Math.random(),
  success: function(data) {
   alert('OK');
  }
 });
}

As soon as I press the submit button, the error appears. No ajax request is made. I've tried add ValidateRequest="false" to the aspx page but the problem is still here.

Any help is appreciated!

A:  
$.post('/foo', { htmlContent: '<someHtml/>' }, function(result) {
    alert('ok');
});

Now the error comes from the server side script which doesn't accept HTML. The ASP.NET engine will automatically drop any requests containing HTML. There are different ways of disabling this behavior at your own risk. One of it consists of adding the ValidateRequest="false" to the aspx @Page header.

<%@ Page Language="C#" AutoEventWireup="false" ValidateRequest="false" %>

If it is an ASP.NET MVC application you could decorate the controller action to which you are posting with the [ValidateInput(false)] attribute:

[HttpPost]
[ValidateInput(false)]
public ActionResult Foo()
{
    ...    
}

It is also important to note that if you are running .NET 4.0 you will need to add the following to your web.config:

<httpRuntime requestValidationMode="2.0" />
Darin Dimitrov  2010-09-18 08:37:03
I guess that too so I've tried to encode the html content but still find nothing ~.~
NVA  2010-09-18 08:41:01
You don't need to encode anything. If you use the `data` hash to send parameters jQuery will take care of encoding.
Darin Dimitrov  2010-09-18 08:42:59
Could you please give me an example or a link to the tut? Thanks a lot!
NVA  2010-09-18 08:51:38
What tutorial? Did you try what I suggested?
Darin Dimitrov  2010-09-18 08:53:50
I add 'data: hash' to the ajax request but nothing changes.
NVA  2010-09-18 09:07:37
And on the server side did you disable input validation? If yes, how and what exactly did you do? What version of the framework you are using?
Darin Dimitrov  2010-09-18 09:08:34
To which aspx page did you add the `ValidateRequest="false"` attribute? It should be the one you are sending the AJAX request to (`ajax.aspx`) and not the one containing the `textarea`.
Darin Dimitrov  2010-09-18 09:14:33

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?