i want to add a hyperlink in my message like
ModelState.AddModelError("_FORM", "Please report this error Click Here");
Im using asp.net mvc 2. How can i do this?
The problem is that the ValidationMessage and ValidationSummary methods internally use the SetInnerText() method which automatically encodes the values you have saved in the Model Errors.
Like queen3 suggests, you'll have to write your own versions of these methods to overcome this.
You can see original methods in the MVC2 source code here.
Replace tagNameHere.SetInnerText(value) with tagNameHere.InnerHtml = value
Important Note: Please make sure you take great care with where the information displayed in these messages comes from, you're allowing html now, so you're susceptible to Cross Site Scripting
Related
So, I'm trying to implement this rich text editor by jquery (jqueryrte.com) and it's giving me the following errors when I'm posting some edited values for a text area.
A potentially dangerous Request.Form value was detected from the
client (Model.Description="...wn and track athletes ...").
I saw something to fix this where you turn off validation for it. I also read about some kind of white listing tags and stuff. But it's my first time to use this kind of plug in and I'm a little worried about being vulnerable about JavaScript attacks. Looking for advice on how I should deal with this issue.
Based on the information from your question I can tell you:
You should add the following attribute to the action method that gets the request from your rich text box.
[ValidateInput(false)]
public ActionResult Add(string richtext)
{
}
This will not check for dangerous code just for the parameters on that Action method.
To whitelist for dangerous tags you may want to look at Microsoft AntiXss library:
http://msdn.microsoft.com/en-us/security/aa973814.aspx
I'm following the MVC 4 tutorial and I'm having some trouble with decimals and date validations.
When I try to insert a date in format dd-MM-yyyy (because it is the format defined in the Culture I have my pc in) it returns this error: The field ReleaseDate must be a date.
Also when trying to insert a decimal field like 3,01 it returns a validation message: The field xpto must be a number.
You will probably say in these case to use a dot for this but in the culture i'm using that is the thousands separator like 1.000
Is this a general problem or it is just me?
Thanks in advance for your help.
By "My PC" I assume you mean client side, the browser validation fails? See my article http://msdn.microsoft.com/en-us/library/gg674880(VS.98).aspx - jQuery moved the local specific files so you will have to hunt for them. For debugging 1. disable client side validation and verify server validation works with your local (ie, decimals and dates in your local). Then it's a matter of getting the correct client side validation. This is not really an MVC question, it's more of a "jQuery non-english date/time & decimal validation" type question. You might have to post this question again. Once you solve this, please post your solution.
To solve this quickly, create the simplest possible HTML page with jQuery validation that fails, then post the repro. You can look at the generated HTML from MVC to help you create a simple HTML page.
You can change this behavior by setting the input culture: http://msdn.microsoft.com/en-us/library/bz9tc508.aspx. You can fix it on a specific culture or use 'auto' so the browser will use the user's current culture.
I have a telerik MVC grid. After making some changes to the underlying code, the grid no longer shows the results returned from the server. I can see the correctly formatted JSON return from the server (using functionality from Web Developer Toolbar), but the grid never actually shows the data. However, it also doesn't generate an error. The loading icon just keeps spinning.
Does anyone have a suggestion on how to localize the problem? Thanks.
EDIT
Well, I managed to get a step further. Apparently something goes wrong in the "bindData"-function located in telerik.grid.js. More specifically in line 462:
460. var evaluate = column.display;
461. if (evaluate)
462. html.cat(evaluate(data[rowIndex]));
When trying to render the last column in the first row, evaluate is set to anonymous and somehow, this results in an "invisible" exception. The markup of this column is:
columns.Bound(c => c.DocumentId)
.ClientTemplate("<a href=\"" + Url.Content("/") +
"/document/<#= DocumentId #>\" target=\"_blank\"><#= Naam #></a>")
.Filterable(false)
.Title("Naam");
I don't understand why this would be a problem, as I use similar templates elsewhere without any problem.
EDIT
Ok, I got it. Apparently some exceptions will not be shown in the Firefox/Firebug console. However, Visual Studio together with IE do not have this problem. I finally discovered that indeed the field "Naam" was missing in the IEnumerable.
So something to take away here is never to trust the results from just one browser ;-)
I had a similar behaviour recently when I had changed the type that the grid was expecting.
Make sure that your ajax call is returning the correct IEnumerable that is specified in the grid markup.
You need to post code for the GridAction and markup if you want a more accurate answer.
Im trying to integrate a content filtering API. My plan was to use pre/post validators but I've lost may way somehow.
What i need to do is send the values to the content filtering service. If the response comes back that the content has been filtered it will also return a modified value for the field (basic profanity filtering... matches are replace with asterisks). Thats all well and good i can throw validation errors no problem - simple stuff.
However i dont want just throw errors. What needs to happen is that validation errors are thrown as normal, but the values are modified in the form for re-display.
Basically if someone posts something naughty i want them to get a validation error saying their post has been modified, they can re-submit the now "clean" post, or they can go about editing it to make it clean without the word replacements.
But do clean on a validator either throws an error OR returns cleaned values, not both. How can i go about implementing both? This will be used on many different forms with many different field names, so modifying methods on the form or a form base class isnt really an option - it needs to happen in the validation sub-framework somehow.
You can adjust this plugin for your needs http://www.symfony-project.org/plugins/WebPurifyPlugin
I have found in sfDoctrineApplyPlugin a template called applyAfter.php
that shows a message like "You have registered ok..." after the users apply for an account. It is called from the sfApply/apply action this way: "return 'After';" when the apply form is valid.
What kind of template is that? I never saw that way (return 'After';) of calling a template. Can someone give me info about that?
Second question: I show a layout with a language select when the the
apply form is printed. I wouldn't like to show that language select in
the page that shows the message "You have registered ok...". As the action
is the same in the both pages (sfApply/apply), what should i do to hide
the language select in the verification page?
Javi
The function returns the string 'After' to the caller. The caller always seems to be as follows: $this->widgetSchema->setNameFormat('sfApplyResetRequest[%s]');
So, the string 'After' is being used in conjunction with the setNameFormat function (which is part of the symfony libraries). All it is doing, is setting the 'name' attribute for the form. More information on this function here.
For your second question, you could simply add an IF statement, to check to see if the current route is the one that you do not want to display the language select on. If it isn't, then display the language select.
You can verify the current route with the following code:
sfContext::getInstance()->getRouting()->getCurrentRouteName();