You are viewing limited content. For full access, please sign in.

Question

Question

Forms having issues with custom HTML

Forms Version 10
Updated March 14, 2017
asked on March 13, 2017

I'm currently experiencing an issue where I am creating links to Web Access through Workflow. I am then obtaining the token from workflow and placing it into a field in Forms into a multi-line field. I am then grabbing the multi-line field value and placing it into a custom HTML field so that I can have clickable links in the Form to access the documents through Web Access. I will not have set  amount of links to documents. If I submit anything with with HTML tags into a description section it will cause an error. Below is an example of what is placed in the multi-line field and the list of values that are generated.

 

I did check the event viewer and noticed that it was flagging my multi-line field as malicious.

 

Stack Trace:
Caught exception: Laserfiche.Forms.CommonUtils.Exceptions.LFFormsException
Message: An unexpected error has occurred. [LFF502-UnexpectedError]


Inner exception: System.Web.HttpRequestValidationException
Message: A potentially dangerous Request.Form value was detected from the client (Field12="1. <a target="_blank" h...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
   at System.Web.HttpValueCollection.Get(String name)
   at E_Forms.Models.ViewModels.Form.Submit.GetFieldDataFromForm(HttpRequestBase request)
   at E_Forms.Models.ViewModels.Form.Submit.RetrieveDataFromForm(HttpRequestBase request, Dictionary`2 formdata, Boolean SaveAll)
   at E_Forms.Controllers.FormController.Submit()
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<>c__DisplayClass2b.<BeginInvokeAction>b__1c()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult)
 

0 0

Answer

SELECTED ANSWER
replied on March 14, 2017

This is because Forms is using .NET 4 which has strict validation policy. If you want to bypass that and use less strict validation policy provided with .NET 2.0, you can add following settings to the web.config(directly under the configuration node) under Forms folder:

<location path="Form/Submit">
	<system.web>
	<httpRuntime requestValidationMode="2.0"/>
	</system.web>
</location>

 

1 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...