Sep 14, 2010 at 1:37 AM
Edited Sep 14, 2010 at 1:39 AM
The non working behavior that I see are described below:
1. Click the HTML view and nothing happens
2. Click the Design View and nothing happens
3. Save the Editor Text to a lable via a button click ex.. ( Label1.Text = Editor1.Text;) results in the following error:
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$Editor1$editortext="<P><BR></P>").
Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To
allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />.
After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all
inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$Editor1$editortext="<P><BR></P>").
I have set the validateRequest="false" and that hasn't made any difference...
Hummm?? like I said - If i change the target frame work to 3.5 all is well but when i change it back to 4.0 - I get the big crash...
Oh!! I forgot to mention that if your going to target .net 4.0 then in your web.config you must add : <httpRuntime requestValidationMode="2.0"/>
This setting is important as it will allow you to override request validation in your page directive. It's a breaking change introduced in .net 4.0 by ASP.NET unfortunately.
When you use an html editor then you want to accept html content so automatic request validation brings nothing but problems. You must do your usual validation manually. I have tried in many ways to automate this process but the best way is for every developer
to be aware and handle their own validation rules manually.
If you notice the default web.config file in the samples download, it contains the following settings, I encourage you to experiment with these settings :
For more information on how to configure your ASP.NET application, please visit
<compilation debug="true" targetFramework="4.0">
<add verb="*" path="typps.axd" type="Typps.WebResourceHandler"/>
<add verb="*" path="typps.axd" type="Typps.WebResourceHandler" name="WebResourceHandler" preCondition="integratedMode"/>
Notice the addition of <httpRuntime requestValidationMode="2.0"/> in the above sample web.config. This setting is important. I didn't automate this particular setting because I feel everybody must do this themselves manually. It's quite personal
so instead I limit myself to mention this in the documenation that I am still currently authoring :P:P
It will be ready soon.