tags:

views:

99

answers:

1
+3  Q: 

Selective Validation

I have a form that have many text fields and all are being validated, I also added the NiceEdit plugin to be able to format text in my text areas, but it is raising errors like:

A potentially dangerous Request.Form value was detected from the client

Now I can simply go to the top of the page and in the page directive add ValidateRequest="false" but this will deprive me from all the validation that I really need, so how can I switch validation OFF for my text areas ???

VB.net, ASP.net 3.5, VWD 2008 Express...

Thanks

+3  A: 

The ValidateRequest setting turns off/on built-in validation against a predefined set of dangerous values. HTML strings are considered dangerous because they could potentially be used to submit and initiate XSS/HTML injection attacks.

Your question appears to imply that you have mistaken this property to have an effect on the validation controls of your page. That is not accurate.

Since you presumably want to allow users to submit HTML via the "NiceEdit" plugin, I can think of two ways of doing this:

  1. Turn off ValidateRequest for the page and handle validation manually. Check for the dangerous values before the form is submitted.

  2. Keep ValidateRequest on for the page, but on the client, just before the page is submitted, use Javascript to encode the HTML value in the relevant textarea (if necessary, perform a Regex replace on all "<" and ">" characters) and then only allow a submit.

The latter method is demonstrated on Mads Kristensen's blog and here.

Cerebrus  2009-04-03 12:44:59
Great answer mate, indeed, i fixed it, turns that i thought it will cause all validation to be switched off, but it doesn't affect it...thanks
Maen  2009-04-03 13:03:39
Most welcome and thanks for the acceptance! I'm glad I was able to correctly guess that you were concerned about page level validations. ;-)
Cerebrus  2009-04-03 13:18:11

related questions

What are the most important functional differences between C# and VB.NET?
Setting Group Type for new Active Directory Entry in VB.NET
ASP.Net Datagrid: in Footer calculate Avg or Sum for column
Opening a file in my application from File Explorer
HTML Email Editor in a Windows Forms Application
Datatables, Dataviews and distincts! (ASP.Net/VB)
Naming convention for VB.NET private fields
Visual Studio - new "default" property values for inherited controls
Change the width of a scrollbar
Is String.Format as efficient as StringBuilder
Default Form Button in FireFox
VB.NET - IsNothing versus Is Nothing
'Break' equivalent keyword for VB
What is the best way to wrap time around the work day?
Best SVN Client Ignore Pattern for VB.NET Solutions?
Long-time LAMP Developer moving to VB.NET
What's the best way to find long-running code in a Windows Forms Application
What is the best way to deploy a VB.NET application?
'Best' Diff Algorithm
Setting Objects to Null/Nothing after use in .NET
CSV File Imports in .Net
How do you migrate a large app from VB6 to VB .net ?
Floating Point Number parsing: Is there a Catch All algorithm?
Decoding T-SQL CAST in C#/VB.net
Reliable Timer in a Console Application