search

dnnsoftware / Dnn.Platform

DNN (formerly DotNetNuke) is the leading open source web content management platform (CMS) in the Microsoft ecosystem.
https://dnncommunity.org/
MIT License
1.01k stars 745 forks source link

[Bug]: A potentially dangerous Request.Path value was detected from the client (:) #6090

Open mannesandeep opened 6 days ago

mannesandeep commented 6 days ago

Is there an existing issue for this?

What happened?

Added an Iframe to the page in HTML Editor, while loading the iframe DotNetNuke is logging the error "A potentially Dangerous Request.Path value was detected from the client. Tried removing the ":" under requestPathInvalidCharacters. But no luck

Steps to reproduce?

  1. Login as Admin to the website
  2. create a page and add an HTML Editor
  3. Add Iframe code in the Editor and save
  4. While loading the iframe the error is logged in the system.

Current Behavior

No response

Expected Behavior

It should read the iframe Origin url

Relevant log output

2024-07-01 06:43:14, 390 [Thread:43][FATAL] DotNetNuke.Web.Common.Internal.DotNetNukeHttpApplication - System.Web.HttpException (0x80004005) : A potentially dangerous Request.Path value was detected from the client (:).
at system.web.httprequest.ValidateInputIfRequiredByconfig()
at system.web.httpapplication.PipelineStepManager.ValidateHelper (httpcontext context)

Anything else?

No response

Affected Versions

9.13.3 (latest release)

What browsers are you seeing the problem on?

Chrome

Code of Conduct

mitchelsellers commented 6 days ago

What exact content are you placing? I know many that add frame content in without issue.

Is the error after the content is saved or when trying to save?