Technical support This forum is closed.
Version 1.x > Technical support > Updating main.css from the CMS Desk View modes: 
User avatar
Member
Member
ta5ae - 5/10/2006 4:49:59 PM
   
Updating main.css from the CMS Desk
I recieve the following error if I try to update my style sheet from the CMS Desk:

Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtStyles="...the tabs (<TABLE> tag). Tab...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtStyles="...the tabs (<TABLE> tag). Tab...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtStyles="...the tabs (<TABLE> tag).

Tab...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +122
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

It would appear including HTML tags in my CSS comments produced the error. It would be nice if the error was captured/handled and or a warning about including HTML tags was shown.

User avatar
Member
Member
Martin_Kentico - 5/11/2006 8:29:54 AM
   
Re: Updating main.css from the CMS Desk
Hello,

Thank you for your post.

By default, the ASP.NET engine validates the input data to help the developers avoid the code injection. You can disable the validation on a web page by setting validateRequest=false in the Page directive (CSS styles editing page "~/cmsdesk/metadesigner/cssstylesedit.aspx") or in your web.config file for the whole website.

We will sure consider using this settings in a new version

Best regards

User avatar
Member
Member
ta5ae - 5/11/2006 10:19:36 AM
   
Re: Updating main.css from the CMS Desk
Thank you for the information.