Inserting HTML code to Database SQL using WebMatrix Razor - sql

My columns in the DB are: nvarchar(MAX)
I need to add HTML code from CKEditor into my database. I get the following error.
A potentially dangerous Request.Form value was detected from the client (Description="<h1>Heding 1 </...").
I am using the following Code:
var String=Request["String"];
I even used the following:
var String= HttpUtility.HtmlEncode(Request["String"]);
String=Request["String"];
here is part of my code:
if(IsPost){
var Description =Request.Unvalidated["Description"];
// Here I insert into Database
and the form part is:
<form action="" enctype="multipart/form-data" method="post">
<div class="row">
<div class="two columns offset-by-two"><br/><label> Description: </label><br/></div>
<div class="eight columns"><textarea name="Description"></textarea></div>
I want to store the text from "Description" to my database....

You simply need to use Request.Unvalidated to reference inputs that contain HTML if you don't want ASP.NET Request validation kicking in within the ASP.NET Web Pages framework:
var text = Request.Unvalidated["myTextBox"];
Or:
var text = Request.Unvalidated("myTextBox");

It looks like HtmlEncoding should do the trick.
Did you try the following:
var myColumnData = HttpUtility.HtmlEncode(Request["String"]);
Then pass this myColumnData, and all other columns to your Database table.
Edit: In addition to above, you may also want to look at the project settings, as it is recommended in the following blog - A potentially dangerous Request value was detected from the client.

This did the trick for me.
var text = Request.Unvalidated["myTextBox"];
Thank you.

SAFETY RULES: Before you push it to the database, I suggest you filter suspicious tags such as script tags.
var x = Request.Unvalidated("MyField");
if(x.Contains("<script>") || x.Contains("</script>")){
//no script tag allowed.
}
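
An allowlist alternative to the substring check in the answer above, as an added example that is not part of the thread. It assumes the HtmlSanitizer NuGet package, a WebMatrix database named "MySite" and a table Articles(Description); those names and the DescriptionStore helper are hypothetical.

```csharp
// Added example, not code from the thread. Assumptions: the HtmlSanitizer
// NuGet package (namespace Ganss.Xss; older releases use Ganss.XSS), a
// WebMatrix database "MySite" and a table Articles(Description nvarchar(MAX)).
using Ganss.Xss;
using WebMatrix.Data;

public static class DescriptionStore
{
    // Formatting tags a rich-text editor produces; every other element is dropped.
    // A Contains("<script>") test is an exact, case-sensitive match, so it does
    // not flag <SCRIPT> or <script type="text/javascript">. An allowlist does
    // not depend on how the unwanted markup is spelled.
    static readonly string[] Tags = { "h1", "h2", "h3", "p", "br", "strong", "em",
                                      "ul", "ol", "li", "blockquote", "a" };

    static HtmlSanitizer BuildSanitizer()
    {
        var s = new HtmlSanitizer();
        s.AllowedTags.Clear();
        foreach (var t in Tags) s.AllowedTags.Add(t);
        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");   // no style attribute, no on* handlers
        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("http");
        s.AllowedSchemes.Add("https");     // links with any other scheme lose their href
        return s;
    }

    // Returns the markup reduced to the allowlisted tags and attributes.
    public static string Clean(string rawHtml)
    {
        return BuildSanitizer().Sanitize(rawHtml ?? string.Empty);
    }

    // Call from the page: DescriptionStore.Save(Request.Unvalidated["Description"]);
    public static int Save(string rawHtml)
    {
        using (var db = Database.Open("MySite"))
        {
            // @0 is a parameter placeholder: the HTML travels as data and is
            // never concatenated into the SQL text.
            return db.Execute("INSERT INTO Articles (Description) VALUES (@0)",
                              Clean(rawHtml));
        }
    }
}
```

Because the value is sanitized before it is stored, the page that displays it can output it with Html.Raw; any field that was not sanitized this way should still be rendered with Razor's default encoding.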

Related

Text translation API is translating the URL

I am trying to translate using the Microsoft Cognitive Text Translation API:
Text to be translated is Your ticket with number INC123456 has been created. Following is the link, https://microsofttest.service-now.com/sp?id=ticket&table=incident&sys_id=aisuoiqwq1233444.
// Translating from english to telugu
This is getting translated into:
నెంబరు INC20534102 మీ టిక్కెట్ సృష్టించబడింది. దిగువ లింక్, [https://microsofttest.service-now.com/sp? id = టిక్కెట్ & పట్టిక = ఘటన & sys_id = aisuoiqwq1233444] (https://microsofttest.service-now.com/sp? id = టిక్కెట్ & పట్టిక = ఘటన & sys_id = aisuoiqwq1233444).
How can I prevent the link from getting translated?
It is stated in the documentation that you can tag content so that it isn't translated using several methods.
I think the best method for your scenario is tagging your content with notranslate as per the example below:
<div class="notranslate">This will not be translated.</div>
<div>This will be translated. </div>
You can either allow the user to edit the content using HTML, but I think the most essential solution would be to write a function to search for URLs in the content and automatically add this notranslate tag to it and do the magic!

Can't access javascript text via css selector

I want to be able to select the contents of the following script tag.
<script type="text/javascript" class="sample">
/* <![CDATA[ */
var test = {};
test.hey = 1;
/* ]]> */
</script>
Running $(".sample").text() in geb results in an empty string. Is there a way to access the plain text script contents?
Not familiar with the framework you mentioned but it is possible that $(".sample").text() returns an empty string because the code within the <script> tag is not a visible piece of HTML. As mentioned in this SO post try using either $(".sample").html().
This of course is assuming that the gebish framework API supports a .html() method on the object. You could find something equivalent in the API docs if this solution does not work.

Dojo attach point / byId returns undefined

I made a template and there is a <select dojotype="dijit.form.ComboBox" dojoAttachPoint="selectPageNumber" id="selectPageNumber"> tag with both id and dojoAttachPoint set to "selectPageNumber". I want to populate it with options upon creation, so I added some code to the postCreate function:
var select = dijit.byId("selectPageNumber");
or
var select = this.selectPageNumber;
but I always have select being undefined.
What am I doing wrong?
UPD:
The problem with the element has been solved spontaneously and I didn't get the solution. I used neither dojo.addOnLoad nor widgetsInTemplate : true, it just started to work. But I have found the same problem again: when I added another tag I can't get it!
HTML:
<select class="ctrl2" dojotype="dijit.form.ComboBox" dojoAttachPoint="selectPageNumber" id="selectPageNumber">
</select>
<select class="ctrl2" dojotype="dijit.form.ComboBox" dojoAttachPoint="selectPageNumber2" id="selectPageNumber2">
</select>
widget:
alert(this.selectPageNumber);
alert(this.selectPageNumber2);
The first alert shows that this.selectPageNumber is a valid object and this.selectPageNumber2 is null.
widgetsInTemplate is set to false.
all the code is within dojo.addOnLoad()
dojo.require() is valid
I am using IBM Rational Application Developer (if it is essential).
Why is it so different?
Based on your syntax, I am assuming that you are using 1.6. Your question mentions template and postCreate, so I am assuming that you have created a widget that acts as a composite (widgets in the template).
Assuming 1.6, in your widget, have you set the widgetsInTemplate property to true? This will tell the parser that your template has widgets that need to be parsed when creating the widget.
http://dojotoolkit.org/documentation/tutorials/1.6/templated/
I would remove the id from the select. Having the id means that you can only instantiate your widget once per page. You should use this.selectPageNumber within your widget to access the select widget.
If you are using 1.7 or greater, instead of setting the widget's widgetsInTemplate property, you should use the dijit._WidgetsInTemplateMixin mixin.
http://dojotoolkit.org/reference-guide/1.8/dijit/_WidgetsInTemplateMixin.html
Depending on when dijit.byId() is being called, the widget may not have been created yet. Try using dojo.addOnLoad()
dojo.addOnLoad(function() {
var select = dijit.byId("selectPageNumber");
});
I came close to the solution: it seems like there is some sort of RAD "caching" that doesn't respond to changes made in the HTML code.
Ways to purge the workspace environment with RAD (based on Eclipse) might be a solution.

FormBlock Server Control in Ektron

I am working in Ektron 8.6.
I have a FormBlock Server Control in my template page. It has a DefaultFormID of a valid HTML form from the workarea. The form in the workarea has a few form fields and their corresponding values.
While the template page is rendering I need to GET those form field values and reset them with some other values.
In which page-cycle event should I do this coding?
I tried this code in the Pre-Render event, but I am unable to GET the value there, although I am able to set a value.
I tried the SaveStateComplete event as well, no luck.
string s = FormBlock1.Fields["FirstName"].Value;
if (s == "some text")
{
    // Reset to some other value.
    FormBlock1.Fields["FirstName"].Value = "Some other value";
}
In which event I can write this piece of code?
Page_Load works fine for changing the value of a form field. The default behavior is for the Ektron server controls to load their data during Page_Init.
The real problem is how to get the default value. I tried every possible way I could find to get at the data defining an Ektron form (more specifically, a field's default value), and here's what I came up with. I'll admit, this is a bit of a hack, but it works.
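var xml = XElement.Parse("<ekForm>" + cmsFormBlock.EkItem.Html + "</ekForm>");
// The (string) cast returns null instead of throwing when an <input> has no id attribute.
var inputField = xml.Descendants("input").FirstOrDefault(i => (string)i.Attribute("id") == "SampleTextField");
// defaultValue stays null when the field or its value attribute is missing.
string defaultValue = inputField == null ? null : (string)inputField.Attribute("value");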
if (defaultValue == "The default value for this field is 42")
{
// do stuff here...
}
My FormBlock server control is defined on the ASPX side, nothing fancy:
<CMS:FormBlock runat="server" ID="cmsFormBlock" DynamicParameter="ekfrm"/>
And, of course, XElement requires the following using statement:
using System.Xml.Linq;
So basically, I wrap the HTML with a single root element so that it becomes valid XML. Ektron is pretty good about requiring content to be XHTML, so this should work. Naturally, this should be tested on a more complicated form before using this in production. I'd also recommend a healthy dose of defensive programming -- null checks, try/catch, etc.
Once it is parsed as XML, you can get the value property of the form field by getting the value attribute. For my sample form that I set up, the following was part of the form's HTML (EkItem.Html):
<input type="text" value="The default value for this field is 42" class="design_textfield" size="24" title="Sample Text Field" ektdesignns_name="SampleTextField" ektdesignns_caption="Sample Text Field" id="SampleTextField" ektdesignns_nodetype="element" name="SampleTextField" />

How to programatically add row w/ label to declarative dojox.layout.TableContainer (Dojo 1.6)

The TableContainer is declared in HTML like so:
<div dojoType="dojox.layout.TableContainer" jsId="myTable" id="myTable" cols="1">
<!-- stuff -->
</div>
I tried adding a row containing a TextBox programmatically like so:
var tb = new dijit.form.TextBox({
label: "Name"
});
myTable.addChild(tb);
The TextBox will be displayed below the table and no labels are shown. How can I place new rows with label inside the table?
I'm pretty sure this is a bug. It looks like once the TableContainer has been started the first time, adding children won't trigger a new layout() etc. A quick but hideous workaround would be to make the TableContainer "forget" that it has already been initialized and started, and then run startup() manually.
var tb = new dijit.form.TextBox({
label: "Name"
});
myTable.addChild(tb);
myTable._initialized = false;
myTable._started = false;
myTable.startup();
I take no responsibility for any unforeseen oddities this may cause though :-) Normally manipulating private members (the ones starting with an underscore) is a bad idea.
Yeah, there is some issue with TableContainer. The suggested workaround for this issue would be:
<div id='myTable'></div>
Declare the div in the HTML but convert it into a TableContainer in script; then you can use both ways while avoiding the bug.
Initialize the table container in script like:
var myTable = new dojox.layout.TableContainer({cols: 1}, "myTable");
Don't forget to start up the table container after adding the children.
After this you can easily add any number of children normally.