+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / html in Menu label

html in Menu label

6 posts, 0 answered
  1. Simon
    Simon avatar
    28 posts
    Registered:
    27 Jun 2008
    20 Aug 2008
    Link to this post
    My company policy is that its name should always be written like this: ifs School of Finance - which we have CSS rules for and just wrap the text in a string e.g. <span class="ifs">ifs</span> <span class="schoolfinance">School of Finance</span>.

    This isn't usually a problem, as we can simply apply the class to any string in a Generic Content section we want. However I have some menu items that need the formatting applied. So I tried to write the html in the Menu label for the page...

    This causes a YSOD - see below. Is there any way for me to add the styling I need and the YSOD is a little concerning for other (less technically aware) users.

    Server Error in '/Intranet' Application.

    A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$pageEditor$ctl17$ctl00$ctl00$MenuLabel="<span class="ifs">if...").

    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$pageEditor$ctl17$ctl00$ctl00$MenuLabel="<span class="ifs">if...").

    Source Error:

    [No relevant source lines]

    Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\intranet\5bdcacbf\dd9ac058\App_Web_hxawzzx7.0.cs    Line: 0

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$pageEditor$ctl17$ctl00$ctl00$MenuLabel="<span class="ifs">if...").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8718538
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111
    System.Web.HttpRequest.get_Form() +129
    System.Web.HttpRequest.get_HasForm() +8718647
    System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
    System.Web.UI.Page.DeterminePostBackMode() +63
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6785
    System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +242
    System.Web.UI.Page.ProcessRequest() +80
    System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
    System.Web.UI.Page.ProcessRequest(HttpContext context) +49
    ASP.sitefinity_admin_pages_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\intranet\5bdcacbf\dd9ac058\App_Web_hxawzzx7.0.cs:0
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +181
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    21 Aug 2008
    Link to this post
    Hello Simon,

    You see this error as a result of action called Event Validation. This is a standard ASP.NET technique for validating requests and field values on submission. The reason is that your MenuLabel contains HTML characters, so ASP.NET considers this as a security issue and terminates the processing of the page. The only workaround you could use is to disable the Event Validation, but we do not recommend it.
    You should use another approach on achieving this customization. For example, you could dynamically change the style of your menu elements through the page's codebehind file.

    Best wishes,
    Georgi
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  3. Simon
    Simon avatar
    28 posts
    Registered:
    27 Jun 2008
    21 Aug 2008
    Link to this post
    Hi Georgi,

    I am trying a CSS solution to the styling issue at the moment.
    However I have raised this issue as a bug because this should be caught by validation so the end user doesn't see this YSOD.

    There is already validation on Page names, spaces and special characters are not allowed and the user gets a warning if they enter invalid characters.
  4. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    22 Aug 2008
    Link to this post
    Hi Simon,

    We deliberately do not handle some of the exceptions, because they could provide valuable information to developers. I agree that there should be a validator here - people with no programming skills or background could  work here as well.

    We have updated your Telerik account for reporting the bug.

    Sincerely yours,
    Georgi
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  5. mettle
    mettle avatar
    1 posts
    Registered:
    31 Aug 2006
    15 Jul 2009
    Link to this post
    hi

    to disable that security check, you would set ValidateRequest to false for the page:

    <%@ Page Language="VB" ValidateRequest="false" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

    Srinath vuyyuru
  6. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    20 Jul 2009
    Link to this post
    Hi Mettle,

    That's right. You can also do it the web.config file globally, but this is not recommended as it poses a security risk.

    Best wishes,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Register for webinar
6 posts, 0 answered