You are viewing limited content. For full access, please sign in.

Question

Question

Forms 10.4.1 Not allowing illegal character combinations even with request validation 2.0

Forms
Updated June 24, 2020
asked on August 2, 2019 Show version history

I enabled request validation 2.0 but it still prompts the user that they are not allowed to enter illegal character combinations.

We want to legalize these character combinations in our environment because they are valid data to us, how do we do this now in 10.4.1

Here is the code I use to enable validation 2.0

<location path="Form/Submit">
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
</location>

 

Here is the original post on the subject from 10.3.1

https://answers.laserfiche.com/questions/155865/Forms--What-happened-to-my-data#159202

0 0

Replies

replied on August 5, 2019

Hi Chad,

     We added front end validation for illegal chars with validation mode 4.5 in Forms 10.4.1 to be more secure and provide better user experience, if you want to allow allow those characters combination in the fields, can you change the related fields to Rich Text field instead? Rich Text field allow entering all types of characters and can keep the format.

 

0 0
View 2 previous replies
replied on August 5, 2019

This is a bit difficult to work with. How can I make a single line input or text area from the rich text objects?

In the past we protected against injecting code by treating all user input as literal, this has worked for the last few decades. I am not understanding why we are moving in this direction, rejecting any input that looks anything like code. This seems to be a step back 20 years.

0 0
replied on August 8, 2019

We improved the experience that if Forms detect you set the requestValidationMode to 2.0 in the web.config for Forms/Submit, Forms will no longer validate the illegal chars on the front end. If you want a hotfix for this improvement, please file a support case, we can provide the hotfix through support case.

0 0
replied on June 23, 2020

We just upgrade from Forms 10.4.0.x to 10.4.4.4 and are now running into this issue.  Is there a workaround that doesn't involve a hotfix or changing to RTF fields?  This is causing us major issues today.

 

0 0
replied on June 23, 2020

Hi Rob,

    Can you check whether you still have following content in the web.config for Forms:

<location path="Form/Submit">
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
</location>

As I mentioned on https://answers.laserfiche.com/questions/155865/Forms--What-happened-to-my-data#156948 the customized settings in web.config won't be kept when upgrade from previous version.

0 0
replied on June 24, 2020

The web.config has the default requestValidationMode = "4.5".  I didn't put the <location path ="Form/Submit"> section in my web.config.  I wasn't sure if it would have any other negative impacts.  Is the best option to convert the fields to richtext fields?  I don't want to compromise security.

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...