4

I put ValidateRequest="false" in my page directive, but the page acts like it's not posting back. If I remove the HTML then it posts back fine.

Using the text boxes inside an update panel shouldn't make a difference, right?

I'm trying to store text in my database with HTML formatting.

Again, I am using an update panel.

2
  • What do you mean by "doesn't work"? You're not getting the "this page may contain etc etc" exception when you enter angle brackets in the field? Commented Sep 21, 2010 at 23:24
  • I don't get any error. When I click the save button, aka post back, the page acts like I didn't click it, but if I take out the HTML brackets it saves the data. This is probably because I'm using an update panel. Commented Sep 21, 2010 at 23:28

2 Answers

7

You're probably getting an error behind the scenes. If you take out the update panel do you see a nice YSOD?

If this is a .NET 4.0 application, you'll need to change the web.config in order to allow for unsafe characters, even though you turned ValidateRequest to false.

The requisite change looks like this: <httpRuntime requestValidationMode="2.0" />

2 Comments

Yep, I took out the update panels and then got the YSOD. Thanks.
+1. This is a diabolical change, requiring you to opt-out in two different places just to shake off a feature that is totally wrong-headed, can't make an insecure application secure, and only gives an application that's already secure a load of bugs.
2

Apparently you need to put <httpRuntime requestValidationMode="2.0" /> in web.config to be able to use the ValidateRequest feature in the page directive.
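
Where the element from the answers sits in web.config, as an added example that is not from the original posts: it goes beyond the answers by scoping the setting with a `<location>` block so that only the page accepting markup reverts to the 2.0 validation mode. The page name `EditContent.aspx` is a hypothetical placeholder.

```xml
<?xml version="1.0"?>
<!-- web.config at the application root (added example, not from the original posts) -->
<configuration>

  <!-- Application-wide form of the change, as given in the answers:
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
  </system.web>
  -->

  <!-- Narrower form: only EditContent.aspx (hypothetical name) uses the 2.0 mode,
       so the page-level ValidateRequest="false" is honoured there while every
       other request keeps the ASP.NET 4 validation behaviour. -->
  <location path="EditContent.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

  <!-- The page directive in EditContent.aspx stays as in the question:
       <%@ Page Language="C#" ValidateRequest="false" %> -->

</configuration>
```

With validation off for that page, the stored markup reaches the database unfiltered, so it has to be encoded or sanitized at the point where it is rendered.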
