|
HTML not accepted in datagrid update modules
I'm trying to insert HTML elements (tags like <br> , or even links tags
<a href> etc) into a datagrid module that updates articles in sql dbase. The actual field "articletext" that contains the content for the article is configured in the datagrid as such below: <asp:TemplateColumn headertext="Article Text"> <ItemTemplate> <%# DataBinder.Eval(Container.DataItem, "ArticleText") %> </ItemTemplate> <EditItemTemplate> <asp:TextBox id="ArticleText" runat="server" Height="250px" TextMode="MultiLine" text='<%# DataBinder.Eval(Container.DataItem, "ArticleText") %>' ></asp:TextBox> </EditItemTemplate> </asp:TemplateColumn> works fine when submitting regular text, but get this error when adding html: A potentially dangerous Request.Form value was detected from the client (MyDataGrid:_ctl6:ArticleText="...7TH GAME!!<br> Welcome to o..."). ???? .NetSports |
Re: HTML not accepted in datagrid update modules
".Net Sports" <ballz2wall@cox.net> wrote in message news:1119548013.743358.206400@g43g2000cwa.googlegr oups.com... > I'm trying to insert HTML elements (tags like <br> , or even links tags > <a href> etc) into a datagrid module that updates articles in sql > dbase. The actual field "articletext" that contains the content for the > article is configured in the datagrid as such below: > > <asp:TemplateColumn headertext="Article Text"> > <ItemTemplate> > <%# DataBinder.Eval(Container.DataItem, "ArticleText") %> > </ItemTemplate> > <EditItemTemplate> > Take a look at ValidateRequest in the @Page directive. There are precautions you must take also, so be sure to follow them. Mike |
Re: HTML not accepted in datagrid update modules
I was able to adjust the @Page directive with this, thanks!
|
Re: HTML not accepted in datagrid update modules
".Net Sports" <ballz2wall@cox.net> wrote in message news:1119561317.323214.16560@g43g2000cwa.googlegro ups.com... >I was able to adjust the @Page directive with this, thanks! Be sure to use server.htmlencode or some other method to handle anything malicious unless you are sure of the source. This is from the .net SDK ... Note This example will only work if you disable request validation in the page by adding the @ Page attribute ValidateRequest="false". Never disable request validation without adding your own check or filter. Mike |
| All times are GMT. The time now is 08:51 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.