U4-2543 - In the back office its possible to get Response Validation errors

Created by Pete Duncanson 25 Jul 2013, 10:51:24 Updated by Sebastiaan Janssen 26 Jul 2013, 13:19:02

Just had a request validation error for a description field I added some HTML into for a data field:

"A POTENTIALLY DANGEROUS REQUEST.FORM VALUE WAS DETECTED FROM THE CLIENT"

I got around it by disabling ValidateRequest on the editNodeTypeNew.aspx page in its Page Directive. Got me thinking why is this not added defacto?

Anyone see any reason to not add this to the backend (where a user should be logged in and can do whatever damage they like anyway)?

Pete

<%@ Page Language="c#" CodeBehind="EditNodeTypeNew.aspx.cs" AutoEventWireup="True" ValidateRequest = "false" Async="true" AsyncTimeOut="300" Trace="false" Inherits="Umbraco.Web.UI.Umbraco.Settings.EditNodeTypeNew" MasterPageFile="../masterpages/umbracoPage.Master" %>

Comments

Sebastiaan Janssen 26 Jul 2013, 13:18:58

Fixed in revision d734ba6136491761f2de0d4c0320d64fd6779df0 There might be other areas where this needs fixing but let's take them one at a time when we discover them.


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted: Inline code

Affected versions:

Due in version: 6.1.4

Sprint:

Story Points:

Cycle: