tags:

views:

693

answers:

3
+2  Q: 

Invalid postback or callback argument

I have an ASP.net application that works fine in the development environment but in the production environment throws the following exception when clicking a link that performs a postback. Any ideas?

Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.

Edit: This seems to only be happening when viewed with IE6 but not with IE7, any ideas?

A: 

It seems that the data/controls on the page are changed when the postback occurs. What happens if you turn off the event validation in the page directive. 

<%@ Page ... EnableEventValidation = "false" />
azamsharp  2008-09-19 16:45:40
I can't turn off the validation as I rely on it for other operations.
jwarzech  2008-09-19 16:56:53
+1  A: 

This can happen if you're posting what appears to be possibly malicious things; such as a textbox that has html in it, but is not encoded prior to postback. If you are allowing html or script to be submitted, you need to encode it so that the characters, such as <, are passed as & lt;.

Nikki9696  2008-09-19 17:10:34
A: 

I only ever get this when I have nested <form> tags in my pages. IE6 will look at the nested form tags and try to post the values in those forms as well as the main ASP.NET form, causing the error. Other browsers don't post the nested forms (since it's invalid HTML) and don't get the error.

You can certainly solve this by doing an EnableEventValidation = "false", but that can mean problems for your posted values and viewstate. It's better to weed out the nested <form> tags first.

There are other spots where this can come up, like HTML-esque values in form fields, but I think the error messages for those were more specific. On a generic postback that throws this, I'd just check the rendered page for extra <form> tags.

dnord  2008-11-10 19:27:50

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps