Display the RSS feed using the query string keyword

Lokesh Uppalapati asked on October 8, 2018 15:33

Hi Guys,

I have a requirement to display the RSS feed using the query string keyword.

For example, URL: abcd.com/rss/food

I need to get the RSS feed data which is related to the Food keyword.

I'm using {%"CONTAINS(Tags, '"+QueryString["keyword"]+"')"#%} and CONTAINS(Tags, '"{?keyword?}"') in the Form tab, but it is displaying the error below:

Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: An invalid SQL query was used.

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

  1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Thanks,

Lokesh.

Recent Answers


Brenden Kehren answered on October 8, 2018 15:40 (last edited on December 10, 2019 02:31)

Looks like a couple things you need to change up to help eliminate some issues with how Kentico handles SQL injection.

CONTAINS(Tags, '{% if (QueryString.GetValue("keyword", "") != "") { QueryString.GetValue("keyword", ""); } else { "no-tags"; } |(identity)GlobalAdministrator%}')

Secondly, you'll want to sanitize that "keyword" parameter input.

Lastly, you need to make sure you have the parameter added to the alias of that page. Meaning you'll need to add an alias like below to get the keyword parameter to work:

/rss/{keyword}

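The sanitizing step recommended in the answer above, as an added example (not part of the original thread and not Kentico's own API): the keyword is checked against an allowlist, falls back to "no-tags" as in the macro, and reaches CONTAINS as a SQL parameter. The class name KeywordFilter, the table ExampleFeedItems, the column Title and the allowed character set are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class KeywordFilter   // hypothetical helper, not a Kentico class
{
    // Assumption: a tag is 1-50 letters, digits, spaces or hyphens.
    private static readonly Regex Allowed =
        new Regex(@"^[\p{L}\p{Nd}][\p{L}\p{Nd} -]{0,49}$", RegexOptions.CultureInvariant);

    public const string Fallback = "no-tags";   // same fallback as the macro above

    // Anything outside the allowlist (quotes, comment markers, wildcards,
    // over-long input) collapses to the fallback instead of reaching SQL.
    public static string Normalize(string raw)
    {
        string value = (raw ?? string.Empty).Trim();
        return Allowed.IsMatch(value) ? value : Fallback;
    }

    // CONTAINS has its own search grammar (AND, OR, NEAR, *), so the keyword is
    // wrapped as a quoted phrase; embedded double quotes are doubled.
    public static string ToSearchCondition(string keyword)
    {
        return "\"" + keyword.Replace("\"", "\"\"") + "\"";
    }

    // The search condition travels as a parameter, never as concatenated SQL text.
    public static SqlCommand BuildCommand(SqlConnection connection, string rawKeyword)
    {
        var command = new SqlCommand(
            "SELECT Title FROM ExampleFeedItems WHERE CONTAINS(Tags, @term)", connection);
        command.Parameters.Add("@term", SqlDbType.NVarChar, 128).Value =
            ToSearchCondition(Normalize(rawKeyword));
        return command;
    }

    public static void Main()
    {
        // Constructed inputs: a normal tag, an empty value, and a quote-breaking value.
        foreach (string raw in new[] { "food", "", "food') OR 1=1 --" })
        {
            SqlCommand command = BuildCommand(null, raw);
            Console.WriteLine("{0,-20} -> {1}", "[" + raw + "]", command.Parameters["@term"].Value);
        }
    }
}
```

Main only builds the command and prints the parameter value, so it runs without a database connection.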