System.Web.HttpRequestValidationException was unhandled by user code - CompressionModule.cs

by Klaus Graefensteiner 24. October 2010 09:51

Introduction

After I upgraded from BlogEngine 1.5 to BlogEngine 1.6.1 I couldn’t save anything from the TinyMCE html editor. It would always throw a System.Web.HttpRequestValidationException. The exact error message would read like this:

System.Web.HttpRequestValidationException was unhandled by user code
  Message=A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p>test</p>
<p>&nbs...")

WindowClipping (44)

Figure 1: BE 1.6.1 throwing an exception when saving from TinyMCE editor.

The complete error message looks like this:

	System.Web.HttpRequestValidationException was unhandled by user code
  Message=A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p>test</p>
<p>&nbs...").
  Source=System.Web
  ErrorCode=-2147467259
  WebEventCode=0
  StackTrace:
       at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
       at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
       at System.Web.HttpRequest.get_Form()
       at System.Web.HttpRequest.get_Item(String key)
       at BlogEngine.Core.Web.HttpModules.CompressionModule.context_PostReleaseRequestState(Object sender, EventArgs e) in C:\Users\Klaus\SVN\WEB\Tellingmachine 1.6.1\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:line 62
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  InnerException:

It took me a few minutes to figure out what was going on and how to navigate around this problem.

Solution

All you need to do is to set the requestValidationMode attribute in the web.config file to 2.0 in the httpRuntime element.

Before:

...
<httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384" />
...

After:

...
<httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384" requestValidationMode="2.0"/>
...

That’s it. Of course I would recycle the application pool or restart the Visual Studio development web server.

Download

The fixed web.config file for BlogEngine.NET 1.6.1 (XML provider) can be downloaded here: WebConfigWOException.zip

Tags: , , , ,

BlogEngine.NET | Debugging | How To | Visual Studio | Tips & Tricks | IIS

Submit to DotNetKicks...
Permalink | Comments (0)

About Klaus Graefensteiner

I like the programming of machines.

Add to Google Reader or Homepage

LinkedIn FacebookTwitter View Klaus Graefensteiner's profile on Technorati
Klaus Graefensteiner

Klaus Graefensteiner
works as Developer In Test and is founder of the PowerShell Unit Testing Framework PSUnit. More...

Open Source Projects

PSUnit is a Unit Testing framwork for PowerShell. It is designed for simplicity and hosted by Codeplex.
BlogShell is The tool for lazy developers who like to automate the composition of blog content during the writing of a blog post. It is hosted by CodePlex.

Administration

About

Powered by:
BlogEngine.Net
Version: 1.6.1.0

License:
Creative Commons License

Copyright:
© Copyright 2013, Klaus Graefensteiner.

Disclaimer:
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Theme design:
This blog theme was designed and is copyrighted 2013 by Klaus Graefensteiner

Rendertime:
Page rendered at 5/20/2013 11:53:53 PM (PST Pacific Standard Time UTC DST -7)