We have moved to GitHub Issues
Created by Pete Duncanson 25 Jul 2013, 10:51:24 Updated by Sebastiaan Janssen 26 Jul 2013, 13:19:02
Just had a request validation error for a description field I added some HTML into for a data field:
"A POTENTIALLY DANGEROUS REQUEST.FORM VALUE WAS DETECTED FROM THE CLIENT"
I got around it by disabling ValidateRequest on the editNodeTypeNew.aspx page in its Page Directive. Got me thinking why is this not added defacto?
Anyone see any reason to not add this to the backend (where a user should be logged in and can do whatever damage they like anyway)?
<%@ Page Language="c#" CodeBehind="EditNodeTypeNew.aspx.cs" AutoEventWireup="True" ValidateRequest = "false" Async="true" AsyncTimeOut="300" Trace="false" Inherits="Umbraco.Web.UI.Umbraco.Settings.EditNodeTypeNew" MasterPageFile="../masterpages/umbracoPage.Master" %>
Fixed in revision d734ba6136491761f2de0d4c0320d64fd6779df0 There might be other areas where this needs fixing but let's take them one at a time when we discover them.
Backwards Compatible: True
Fix Submitted: Inline code
Due in version: 6.1.4