MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Error occurred while adding html code in header and footer fields  (Mono Support )

Viewed 25346 time(s), 4 post(s) 3/21/2012 4:18:57 PMby mk
mk

mk

3/21/2012 4:42:23 PM
I am trying to add html code in header and footer of the simple navigation web part but i am getting error 500. i have attached a screenshot as well.

Error

Server Error in '/' Application.A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl01$ctl00$cp$cp$editorZone$propertyGridEditorPart$ctl03$ctl00="<br />").Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl01$ctl00$cp$cp$editorZone$propertyGridEditorPart$ctl03$ctl00="<br />").

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ctl01$ctl00$cp$cp$editorZone$propertyGridEditorPart$ctl03$ctl00="<br />").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +322
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +120
System.Web.HttpRequest.get_Form() +105
System.Web.HttpRequest.get_HasForm() +65
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +49
System.Web.UI.Page.DeterminePostBackMode() +82
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +9194
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +258
System.Web.UI.Page.ProcessRequest() +79
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +23
System.Web.UI.Page.ProcessRequest(HttpContext context) +111
ASP.monox_pages_company_info_aspx.ProcessRequest(HttpContext context) +4
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +429
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +76

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
This content has not been rated yet. 
120 Reputation 9 Total posts
denis

denis

3/22/2012 9:11:12 PM
Are you using ASP.NET 4? What is the value of the validateRequest attribute of the pages element in web.config? Do you have a requestValidationMode attribute of the httpRuntime element?
This content has not been rated yet. 
7207 Reputation 956 Total posts
mk

mk

3/23/2012 10:25:04 AM
Yes, i am using ASP.NET 4. By default there was no requestValidationMode attribute in web.config file but now I have added requestValidationMode= "2.0" and its working fine.

by default validateRequest and enableEventValidation attributes are false in web.config file. I think it's security hole because we are not validating the request. Any thoughts?
This content has not been rated yet. 
120 Reputation 9 Total posts
denis

denis

3/23/2012 3:49:32 PM
It should not be: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx It is also a good idea to sanitize user input via SecurityUtility.SanitizeHtml (MonoX does that behind the scene).
This content has not been rated yet. 
7207 Reputation 956 Total posts