karthik25 / sblog.net

sBlog.Net is a minimalistic blog engine created using the ASP.Net MVC 4 framework
http://sblogproject.net
BSD 3-Clause "New" or "Revised" License
117 stars 61 forks source link

Unable to Post content #6

Closed saifmd4u closed 8 years ago

saifmd4u commented 10 years ago

I am getting an exception

"A potentially dangerous Request.Form value was detected from the client"

So I have changed the code as

if (keyName.Equals("Post.PostContent")) { var unvalidatedValueProvider = bindingContext.ValueProvider as IUnvalidatedValueProvider; return unvalidatedValueProvider.GetValue(keyName, true).AttemptedValue; }

karthik25 commented 10 years ago

Hello Saif, I believe you have changed PostViewModelBinderExtensions. Any specific reason? I will also try modifying and see the effect myself, so that I get more insight about this!

saifmd4u commented 10 years ago

Karthik, I was unable to add new posts and I was getting this exception

"A potentially dangerous Request.Form value was detected from the client"

So I have modified the code to make that work

karthik25 commented 10 years ago

Saif, out of the box this is already handled for you. First in the PostController, the Add / Edit actions have the ValidateInput set to false, like:

[HttpPost]
[ValidateInput(false)]
public ActionResult Add(PostViewModel postModel)
{
     // ...
}

Also, in web.config (sBlog.Net), the following line is present:

<system.web>
      // ....

      <httpRuntime requestValidationMode="2.0" />
</system.web>

So the methods in PostViewModelBinderExtensions does not have to worry about this. Did you have to remove any of these 2 lines for some reason? That may cause this issue! If this is not the case, what other changes did you have to make? A sample project (of sBlog.Net) demonstrating this issue will be helpful (my email is thekfactor at thekfactor dot info)!

Also, if this is present (the 2 lines mentioned in the snippets above), but it still fails, pls. send the post content so that I can replicate this issue at my end! And which version of sBlog.Net are you using?

Thanks for your interest!

nmolzach commented 10 years ago

just a note, my copy of the project didnt have the web.config setting when i pulled it down as i encountered the same issue, but adding it fixed it.

karthik25 commented 10 years ago

@nmolzach response seems to be the answer! Pls. let us know if it worked Saif! Thanks @nmolzach and Saif!