Breeding: sql - TinyMCE for WebPages Razor 2 -

Thursday, 15 September 2011

sql - TinyMCE for WebPages Razor 2 -

i'm having problem using tinymce asp.net web pages razor 2. i'm trying utilize tinymce updating articles sql, however, gives me error:

"there found potentially unsafe request.form value client (content="<p>lorem ipsum dolor...")."

linje 22: var update = "update [tutorials] set heading=@0, content=@1, type=@2 id=@3"; linje 23: heading = request["heading"]; linje 24: content = request["content"]; linje 25: type = request["type"]; linje 26: db.execute(update, heading, content, type, tutorialid);

    @{      validation.requirefield("heading", "heading required.");     validation.requirefield("content", "content required.");     validation.requirefield("type", "type required.");      var heading = "";     var content = "";     var type = "";      var tutorialid = urldata[0];     if (tutorialid.isempty()) {         response.redirect("~/members/tutorials/list");     }      var db = database.open("mikzercoding2");      string htmlencoded = webutility.htmlencode(content);      if (ispost && validation.isvalid()) {         var update = "update [tutorials] set heading=@0, content=@1, type=@2 id=@3";         heading = request["heading"];         content = request["content"];         type = request["type"];         db.execute(update, heading, content, type, tutorialid);         response.redirect("~/members/tutorials/list");     }        else {         var select = "select * [tutorials] id=@0";          var row = db.querysingle(select, tutorialid);         heading = row.heading;         content = row.content;         type = row.type;     }   }  <!doctype html> <html lang="en">     <head>         <meta charset="utf-8" />         <title>edit tutorial - admin area</title>     </head>     <body>          <script type="text/javascript">             tinymce.init({selector:'textarea'});         </script>          <form method="post" action="">             <div class="content-container">                 <ul>                     <li>                         <h3>title</h3>                         <input type="text" name="heading" value="@heading" />                     </li>                     <li>                         <h3>content</h3>                         <textarea name="content" id="content-editor">@content</textarea>                     </li>                     <li>                         <h3>type</h3>                         <input type="text" name="type" value="@type" />                     </li>                     <li>                         <input type="submit" value="update" />                         @html.validationsummary()                     </li>                 </ul>             </div>         </form>     </body> </html>

you need utilize request.unvalidated if want permit html posted:

content = request.unvalidated("content");

see more request validation in asp.net web pages here: http://www.mikesdotnetting.com/article/222/request-validation-in-asp.net-web-pages

sql tinymce razor-2 asp.net-webpages

Breeding

Thursday, 15 September 2011

sql - TinyMCE for WebPages Razor 2 -

No comments:

Post a Comment