Sep 9, 2010 at 1:29 AM
Edited Sep 9, 2010 at 1:32 AM
I am receiving this error. All I did was go in create a new entry and put I am testing this in the editor box.
I know programming wise if I go in and turn off validateRequest=false then that will solve the problem.
However, since it is a blog and comments are allowed, I would prefer not to do this. Because that does offer a limited security for people trying to hack.
Personally I am surprised the developers did not use encoding and decoding to store the data. Makes me wonder about how hackable the comment area is.
Any one have any thoughts?
This is what is stored in the db
<p>I am testing this...
Ooops! An unexpected error has occurred.
This one's down to me! Please accept my apologies for this - I'll see to it that the developer responsible for this happening is given 20 lashes (but only after he or she has fixed this problem).
Url : http://localhost:49417/Ponderings/admin/Pages/Add_entry.aspx
Raw Url : /Ponderings/admin/Pages/Add_entry.aspx
Message : A potentially dangerous Request.Form value was detected from the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent="
Source : System.Web
StackTrace : at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Item(String key)
at BlogEngine.Core.Web.HttpModules.CompressionModule.context_PostReleaseRequestState(Object sender, EventArgs e) in D:\Projects\Be-1610\BlogEngine\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:line 62
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
TargetSite : Void ValidateString(System.String, System.String, System.Web.Util.RequestValidationSource)