Looking for old forum posts and information? View the old forum archive here ยป
Welcome to Vortx Community Forum, where you can ask questions and receive answers from the staff at Vortx and other members of the community.

If you had a user account on our previous forums website, you will need to register a new account here.

A static copy of our previous forums website is available online for reference. Click here to access the forum archive.

Learn more about...

AspDotNetStorefront
DotFeed

I am getting error below when I edit appconfig in admin

A potentially dangerous Request.Form value was detected from the client .

Also if I add a string resource with any html tag in it, getting the same error.

Like: <a href="">Store Locator</a>. Thanks

asked Oct 3, 2013 in MultiStore by sbeheshti (130 points)

3 Answers

0 votes

You could try adding this to your web.config file but I'f advise stripping out the html from the app config

 

<pages validateRequest="false" /> 
answered Oct 7, 2013 by Skriver (2,345 points)
0 votes
   <location path="admin/appconfig.aspx">
        <system.web>
            <pages validateRequest="false" />
            <httpRuntime requestValidationMode="2.0" />
        </system.web>
    </location>

I added this temporarily in the web.config to solve the problem and allow you to finish your admin appconfig maintenance.  Assuming it is a security risk so that is the reason for adding it temporarily.  The "admin" is whatever your admin folder is named.

 

 

answered Jan 16, 2015 by sharona (155 points)
0 votes
You know the old joke: "It hurts when I move my arm like this. Then don't move your arm like that."? That's basically what you've got here. If you're getting errors including HTML in AppConfigs and StringResources, it's because you're not supposed to be doing that.

It looks like you're setting up navigation elements from within your AppConfig here. It's fine to store the navigation element string and the URL in separate StringResources or AppConfigs, but your application is reading the markup that you're trying to insert as a code injection attack vector.

Short version: keep markup out of AppConfigs and StringResources. You should only be storing markup in markup files or in "safe" areas like entity descriptions.
answered Jan 19, 2015 by Chris (3,685 points)
...