MVC2 application with Ckeditor "potentially dangerous Request.Form - asp.net-mvc

I'm getting the "Potentially dangerous Request.Form request value was detected from the client" exception when im using my FCK editor.
How could encode before submit the form, or disable this validation without disable the Data Anotations validation?
This is the code of my view:
<% using (Html.BeginForm()) {%>
<%: Html.ValidationSummary("Please complete in a right way the fields below.") %>
<fieldset>
<legend>Fields</legend>
<div class="editor-field">
<%: Html.LabelFor(e => e.Name)%>
<%: Html.TextBoxFor(e => e.Name)%>
<%: Html.ValidationMessageFor(e => e.Name)%>
</div>
<div class="editor-field">
<%: Html.LabelFor(e => e.Teaser) %>
<%: Html.TextAreaFor(e => e.Teaser)%>
<%: Html.ValidationMessageFor(e => e.Teaser)%>
</div>
<div class="editor-field">
<%: Html.LabelFor(e => e.Description) %>
<%: Html.TextAreaFor(e => e.Description)%>
<%: Html.ValidationMessageFor(e => e.Description)%>
</div>
<p>
<input type="submit" />
</p>
</fieldset>
<% } %>
<script type="text/javascript">
//<![CDATA[
// This call can be placed at any point after the
// <textarea>, or inside a <head><script> in a
// window.onload event handler.
// Replace the <textarea id="xxxxxx"> with an CKEditor
// instance, using default configurations.
CKEDITOR.replace("Description");
//]]>
</script>
Thanks a lot in advance.

<httpRuntime requestValidationMode="2.0" />
Check: Request Validation - ASP.NET MVC 2

[script type="text/javascript" src="/ckeditor/_source/core/editor.js"][/script]
CKEDITOR.config.htmlEncodeOutput = true;

If you are working with the FCK editor or CKeditor you do not need to deal with the "requestValidationMode". As it will be applied on the entire application.
You can just do the followings:
CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});
Then in the controller:
model.Body = System.Net.WebUtility.HtmlDecode(model.Body);

config.htmlEncodeOutput
But it might be easier to use a .Net wrapper for CKEditor.

Related

umbraco mvc form model validation markup not showing

Running Umbraco 6.05, I have a custom model class with Data Annotations like:
[Required, StringLength(100), DataType(DataType.EmailAddress), DataType(DataType.MultilineText)]
and I pass the model to the view like so:
#inherits Umbraco.Web.Mvc.UmbracoViewPage<test.local.Models.ContactForm>
<script src="~/Scripts/jquery-1.7.1.min.js"></script>
<script src="~/Scripts/jquery.validate.min.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.min.js"></script>
#using (Html.BeginForm()) {
#Html.ValidationSummary(true)
<fieldset>
<legend>ContactForm</legend>
<div class="editor-label">
#Html.LabelFor(model => model.Name)
</div>
<div class="editor-field">
#Html.EditorFor(model => model.Name)
#Html.ValidationMessageFor(model => model.Name)
</div>
...
<p>
<input type="submit" value="Create" />
</p>
</fieldset>
}
But when it renders, the "data-val" attributes are missing, though interestingly the DataType EmailAddress/MultiLine work fine by inserting 'type="email"' and creating a 'textarea' appropriately.
Any ideas what I might be doing wrong?
Cheers
Answer found here:
http://our.umbraco.org/forum/developers/extending-umbraco/36898-Enable-unobtrusive-validation-for-mvc-forms
Turn on client side validation in your web.config

Copy a value to EditorFor ASP.Net MVC

Using ASP.Net MVC. In Edit mode I have this :
<div class="editor-field">
<%: Html.EditorFor(model => model.Date) %>
<%: Html.ValidationMessageFor(model => model.Date) %>
</div>
and I have a DatePicker using Jquery.
<rhp:DatePicker ID="DatePicker1" runat="server"></rhp:DatePicker>
and I can get the Text of date picker : DatePicker1.Text
When the user pick the date I want picked date to be copied to model.Date and save to database.
How can I do this?
If you don't want to create a custom EditorTemplate, the easiest way would be to remove the Html.EditorFor(m => m.Date) and use your DatePicker as the editor:
<div class="editor-field">
<rhp:DatePicker ID="Date" runat="server"></rhp:DatePicker>
<%: Html.ValidationMessageFor(model => model.Date) %>
</div>
Notice that the ID for the DatePicker control isDate, which should allow the model binder to bind the value to the Date property of your model.

ASP.NET MVC - Ajax.BeginForm vs Ajax.ActionLink

I've noticed when I use Ajax.BeginForm (with a submit button) that the Model is passed to the Controller but when I use an Ajax.ActionLink it is not passed - or at least I have not discovered how to tap into it.
First question: How do you determine which is the better route to take?
Now, for a little deeper dive into one sample scenario: I have a model that has a couple dozen simple data type properties and a few List properties. The Create/Edit View is rendered with a Html.BeginForm(). The submit button returns the entire view model and I can then go through it and save all the data to the DB via the DB Model. Like I said I have a few List pieces as well. For example, I have a List of credit cards accepted which I render as a series of check boxes, a List of Services Provided also rendered as a list of check boxes. All of these are easy to deal with on the Form Post. However, I have one List that is basically a free-form text entry and I would like to have the textbox with an Add button followed by all of the List items, each with a delete button.
My Create/Edit view looks something like:
<%# Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<RainWorx.FrameWorx.MVC.ViewModels.DirectoryEdit>" %>
<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" runat="server">
<div class="Column12">
<div class="Shadow"></div>
<h2 class="h2row"><%= Model.PageTitle%></h2>
</div>
<% using (Html.BeginForm())
{%>
<%: Html.ValidationSummary(true)%>
<fieldset>
<%--<legend>Fields</legend>--%>
<div class="editor-label">
<%: Html.LabelFor(model => model.Name)%>
</div>
<div class="editor-field">
<%: Html.TextBoxFor(model => model.Name, new { style = "width:20em;" })%>
<%: Html.ValidationMessageFor(model => model.Name)%>
</div>
<div class="editor-label">
<%: Html.LabelFor(model => model.Address1)%>
</div>
<div class="editor-field">
<%: Html.TextBoxFor(model => model.Address1, new { style = "width:20em;" })%>
<%: Html.ValidationMessageFor(model => model.Address1)%>
</div>
...
<div class="editor-label">
<%: Html.LabelFor(model => model.LookupAccepts)%>
</div>
<div class="editor-field">
<hr />
<% foreach (var a in Model.MyAccepts)
{
if (a.Checked)
{ %>
<input type="checkbox" name="AcceptIDs" checked="checked" value="<%: a.ID %>" /> <%: a.Name%><br />
<% }
else
{ %>
<input type="checkbox" name="AcceptIDs" value="<%: a.ID %>" /> <%: a.Name%><br />
<% }
} %>
</div>
<div class="editor-label">
<%: Html.LabelFor(model => model.LookupServices)%>
</div>
<div class="editor-field">
<hr />
<% foreach (var a in Model.MyServices)
{
if (a.Checked)
{ %>
<input type="checkbox" name="ServiceIDs" checked="checked" value="<%: a.ID %>" /> <%: a.Name%><br />
<% }
else
{ %>
<input type="checkbox" name="ServiceIDs" value="<%: a.ID %>" /> <%: a.Name%><br />
<% }
} %>
</div>
<div class="editor-label">
<%: Html.LabelFor(model => model.MyLicenses)%>
</div>
<div class="editor-field">
<hr />
<% Html.RenderPartial("EditLicense", model: Model); %>
</div>
<div class="editor-label">
</div>
<div class="editor-field">
<input type="submit" value="Save" />
</div>
</fieldset>
<% } %>
</div>
<div>
<%: Html.ActionLink("Back to List", "Index")%>
</div>
</asp:Content>
The Partial View looks like:
<%# Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %>
<%# Import namespace="RainWorx.FrameWorx.MVC" %>
<% foreach (var license in Model.MyLicenses) { %>
<% } %>
My thought train for setting it up this way is pretty straight forward (I think it is anyways). I only have something to Ajax on the License section. I want to add one string after another without losing all of the information for the main model. And after the add is done I want to update the partial view with the updated List for it.
There is probably a better way to do this than what I laid out and if so, lay it on me. The main part I am trying to figure out right now (and quickly) is whether Ajax.ActionLink (and my Extension methods for it) are the right direction to go.
An Ajax.BeginForm simply ajaxifies the given form and when you submit it the values of all input fields that it contains are sent to the server. The only difference with a normal form is that the they are sent using AJAX.
On the other hand Ajax.ActionLink generates a simple anchor tag which performs an AJAX request to the given url. It won't send any additional values to the server unless you specify it.
How do you determine which is the better route to take?
Personally I don't use any of those. I use standard Html.BeginForm and Html.ActionLink and write the code manually to AJAXify them unobtrusively with jQuery (if I need to use Ajax of course).
For your scenario of implementing dynamic list editing you may take a look at the following blog post.

Asp.net MVC Client validation, strange behavior

When i write :
<% Html.EnableClientValidation(); %>
<% using (Html.BeginForm())
{ %>
<%: Html.ValidationSummary(false) %>
<%: Html.EditorForModel() %>
<p><input type="submit" name="name" value="Register" /> </p>
<% } %>
My client validation works perfectly.
but when i change " <%: Html.EditorForModel() %>" with (all the code around is the same) :
<div>User name<%: Html.EditorFor(x=>x.Name) %></div>
<div>Password<%: Html.EditorFor(x=>x.Password)%></div>
<div>Verify password <%: Html.EditorFor(x=>x.Password2) %></div>
Client side validation doesn't work.
am i missing something ? what "EditorForModel" does, that i didn't ?
Looks like you're missing validation messages. EditorForModel() is setting this up for you.
#Html.ValidationMessageFor(x=>x.Name)

How to render an HTML attribute from a Razor view

I would like to use the same partial view for create, edit, and details views, to avoid duplicating the fieldset structure for an entity. Then, depending on which view renders the partial view, I would like to add a class of "read-only" to a div surrounding my fieldset and handle making the actual input fields read-only on the client, using css or jQuery, or whatever. How can I specify from my Razor view that I need this class added to the "item-details" div?
<div class="item-details">
<fieldset>
<legend>Product Details</legend>
#Html.HiddenFor(model => model.DetailItem.ProductId)
<div class="editor-label">
#Html.LabelFor(model => model.DetailItem.Name)
</div>
<div class="editor-field">
#Html.EditorFor(model => model.DetailItem.Name)
#Html.ValidationMessageFor(model => model.DetailItem.Name)
</div>
<p>
<input type="submit" value="Save" />
</p>
</fieldset>
</div>
I would generally have a variable on the model that would indicate if your data is editable, and use it like:
<div class="item-details #(Model.IsReadOnly ? "read-only" : "")">
If you don't have it on the model however, you can use the ViewBag. In your parent view:
#{
ViewBag.IsModelReadOnly = true;
}
In your partial view:
<div class="item-details #(ViewBag.IsModelReadOnly ? "read-only" : "")">
Your html output for a readonly view would be
<div class="item-details read-only">
You can then access the div via jQuery and do what you need: $(".read-only")...
Why not just use
#Html.DisplayFor(model => model.[whatEver Property you are trying to show])

Resources