
TinyMCE for WebPages Razor 2


I'm having some trouble using TinyMCE with ASP.NET Web Pages Razor 2. I'm trying to use TinyMCE when updating articles through SQL, but it gives me this error:

"There was found a potentially dangerous Request.Form value for the client (Content="<p>Lorem ipsum dolor...")."

Linje 22: var update = "UPDATE [Tutorials] SET Heading=@0, Content=@1, Type=@2 WHERE ID=@3";
Linje 23: Heading = Request["Heading"];
Linje 24: Content = Request["Content"];
Linje 25: Type = Request["Type"];
Linje 26: db.Execute(update, Heading, Content, Type, TutorialId);

    @{

    // Edit page for one row of [Tutorials]: a GET loads the row into the form
    // fields, a valid POST writes the submitted values back and redirects.

    // Register required-field rules; Validation.IsValid() below evaluates them.
    Validation.RequireField("Heading", "Heading is required.");
    Validation.RequireField("Content", "Content is required.");
    Validation.RequireField("Type", "Type is required.");

    var Heading = "";
    var Content = "";
    var Type = "";

    // The tutorial id comes from the URL (UrlData[0]) and is therefore
    // caller-controlled. It is only ever passed as a bound query parameter below.
    var TutorialId = UrlData[0];
    if (TutorialId.IsEmpty()) {
        Response.Redirect("~/Members/Tutorials/List");
    }

    var db = Database.Open("MikZeRCoding2");

    // NOTE(review): Content is still "" at this point and htmlEncoded is never
    // read anywhere in the visible page, so this line has no effect.
    string htmlEncoded = WebUtility.HtmlEncode(Content);

    if (IsPost && Validation.IsValid()) {
        // Positional placeholders @0..@3 are bound from the arguments passed to
        // db.Execute, so no request value is concatenated into the SQL text.
        var update = "UPDATE [Tutorials] SET Heading=@0, Content=@1, Type=@2 WHERE ID=@3";
        Heading = Request["Heading"];
        // TinyMCE posts HTML markup in this field; reading it through the
        // validated Request[...] indexer is what raises the
        // "potentially dangerous Request.Form value" error quoted above.
        Content = Request["Content"];
        Type = Request["Type"];
        // NOTE(review): no anti-forgery check is visible before this write.
        // Unless it is enforced elsewhere (e.g. a _PageStart file), consider
        // AntiForgery.Validate() here plus a token field in the form.
        db.Execute(update, Heading, Content, Type, TutorialId);
        Response.Redirect("~/Members/Tutorials/List");
    }



    else {
        // Runs on GET, and also on a POST that fails validation, in which case
        // the form is refilled from the database rather than from the posted values.
        var select = "SELECT * FROM [Tutorials] WHERE ID=@0";

        // NOTE(review): row is dereferenced without a null check; presumably
        // QuerySingle yields null when no row matches the id. Confirm and guard.
        var row = db.QuerySingle(select, TutorialId);
        Heading = row.Heading;
        Content = row.Content;
        Type = row.Type;
    }
  }

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>Edit Tutorial - Admin Area</title>
    </head>
    <body>

        <!-- NOTE(review): no script tag loading the TinyMCE library is visible in this listing; presumably it was omitted, since the init call below needs it. -->
        <script type="text/javascript">
            // Turns every textarea on the page into a TinyMCE editor instance.
            tinymce.init({selector:'textarea'});
        </script>

        <!-- Empty action: the form posts back to this same page. -->
        <form method="post" action="">
            <div class="content-container">
                <ul>
                    <li>
                        <h3>Title</h3>
                        <!-- Field values are written through Razor expressions, which HTML-encode strings on output. -->
                        <input type="text" name="Heading" value="@Heading" />
                    </li>
                    <li>
                        <h3>Content</h3>
                        <!-- The stored markup is emitted encoded as the textarea text; TinyMCE then loads that text as the editor content. -->
                        <textarea name="Content" id="content-editor">@Content</textarea>
                    </li>
                    <li>
                        <h3>Type</h3>
                        <input type="text" name="Type" value="@Type" />
                    </li>
                    <li>
                        <input type="submit" value="Update" />
                        @Html.ValidationSummary()
                    </li>
                </ul>
            </div>
        </form>
    </body>
</html>

Solution

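  • Request validation rejects posted values that look like markup, which is exactly what TinyMCE submits. You need to use Request.Unvalidated if you want to permit HTML to be posted. It skips validation for that one field only, so treat the stored value as untrusted and sanitize it (for example against an allow-list of tags and attributes) before it is rendered unencoded anywhere: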

    // Reads the raw posted value, bypassing request validation for this field only;
    // the result is untrusted HTML from here on.
    Content = Request.Unvalidated("Content");
    

    See more about request validation in ASP.NET Web Pages here: http://www.mikesdotnetting.com/Article/222/Request-Validation-In-ASP.NET-Web-Pages