views:

970

answers:

5

I am getting the error: "Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation." Event validation is enabled using in configuration or in a page. I am not modifying the data in controls through javascript. The error happens very infrequently and I am only aware of it due to some automatic e-mailing I have setup when exceptions are thrown. What is the best way for me to go about finding the cause of the exception? Is it possible that on occasions some text entered into a text box is causing this error and I need to be doing an Html Encode? When would I do the encode?

+1  A: 

If the problem happens very infrequently it usually means that some user has posted a page to quickly or have a very poor connection, that does not allow all the hidden ASP.net callback javascript mechanism being in place.

Eduardo Molteni
+1  A: 

I've often encountered this issue when a user submits a form with a potentially dangerous character in the field ('<', '>', etc.). If your page needs to allow these characters to be submitted in a form, you need to set the page-level property 'ValidateRequest' to false.

Ex.

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="MyClass.cs" Inherits="MyClass" ValidateRequest="false" %>

If you want to block these types of submissions (which is usually advisable), you'll probably need to add client-side scripting to prevent entry of invalid characters to the form. If the user can't enter the invalid values, then the form can post successfully. If you try to do the validation only on the server-side, it won't be run because the .NET ValidateRequest happens first.

Jay S
Is there a list available of what characters can cause this error?
Greg
You should assume that all of the input is bad, unless your application specifically requires it. If you are taking in an email address, you should allow only characters valid for an email address.
Jay S
A: 

Use Server.HtmlEncode whenever your accepting values from a user. Going beyond Server.HtmlEncode, make sure your validating any user input received to the fullest allowable extent. Take advantage of the many Validation controls available ... the following article discussing validation in depth may also prove useful.

I'd steer clear from setting the Page's ValidateRequest to false which could potentially open your application up to exploits.

bryan_cook
A: 

This article offers a possible solution

http://droyad.blogspot.com/2006/12/invalid-postback-or-callback-argument.html

George
A: 

I've had this error before, it turned out someone had changed the "action" attribute of the form runat="server" tag to a different url (which doesn't work unless using cross page postbacks).

-edit: in this case ofcourse it doesn't happen infrequently, so it's probably not going to help you to the right solution

Zidad