HTML not accepted in datagrid update modules

Discussion in 'ASP .Net' started by .Net Sports, Jun 23, 2005.

  1. .Net Sports

    .Net Sports Guest

    I'm trying to insert HTML elements (tags like <br> , or even links tags
    <a href> etc) into a datagrid module that updates articles in sql
    dbase. The actual field "articletext" that contains the content for the
    article is configured in the datagrid as such below:

    <asp:TemplateColumn headertext="Article Text">
    <ItemTemplate>
    <%# DataBinder.Eval(Container.DataItem, "ArticleText") %>
    </ItemTemplate>
    <EditItemTemplate>

    <asp:TextBox id="ArticleText" runat="server" Height="250px"
    TextMode="MultiLine" text='<%# DataBinder.Eval(Container.DataItem,
    "ArticleText") %>' ></asp:TextBox>
    </EditItemTemplate> </asp:TemplateColumn>

    works fine when submitting regular text, but get this error when adding
    html:

    A potentially dangerous Request.Form value was detected from the client
    (MyDataGrid:_ctl6:ArticleText="...7TH GAME!!<br> Welcome to o...").

    ???? .NetSports
    .Net Sports, Jun 23, 2005
    #1
    1. Advertising

  2. .Net Sports

    vMike Guest

    ".Net Sports" <> wrote in message
    news:...
    > I'm trying to insert HTML elements (tags like <br> , or even links tags
    > <a href> etc) into a datagrid module that updates articles in sql
    > dbase. The actual field "articletext" that contains the content for the
    > article is configured in the datagrid as such below:
    >
    > <asp:TemplateColumn headertext="Article Text">
    > <ItemTemplate>
    > <%# DataBinder.Eval(Container.DataItem, "ArticleText") %>
    > </ItemTemplate>
    > <EditItemTemplate>
    >


    Take a look at ValidateRequest in the @Page directive. There are precautions
    you must take also, so be sure to follow them.
    Mike
    vMike, Jun 23, 2005
    #2
    1. Advertising

  3. .Net Sports

    .Net Sports Guest

    Re: HTML not accepted in datagrid update modules

    I was able to adjust the @Page directive with this, thanks!
    .Net Sports, Jun 23, 2005
    #3
  4. .Net Sports

    vMike Guest

    Re: HTML not accepted in datagrid update modules

    ".Net Sports" <> wrote in message
    news:...
    >I was able to adjust the @Page directive with this, thanks!


    Be sure to use server.htmlencode or some other method to handle anything
    malicious unless you are sure of the source. This is from the .net SDK ...
    Note This example will only work if you disable request validation in
    the page by adding the @ Page attribute ValidateRequest="false". Never
    disable request validation without adding your own check or filter.


    Mike
    vMike, Jun 24, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stefke
    Replies:
    1
    Views:
    308
    Tampa.NET Koder
    Mar 15, 2005
  2. Gaurav
    Replies:
    7
    Views:
    13,054
    Arnaud Berger
    Apr 18, 2005
  3. seb
    Replies:
    4
    Views:
    322
  4. McGyver

    Re: Gift Certificate not accepted question

    McGyver, Feb 1, 2009, in forum: C Programming
    Replies:
    2
    Views:
    324
    Phil Carmody
    Feb 2, 2009
  5. richard
    Replies:
    4
    Views:
    585
    richard
    Nov 29, 2012
Loading...

Share This Page