
I use CKEditor to get text from the user. The field is named "Body" and is marked AllowHtml in the model. For the encrypted hidden redux I used this:

I get the error "A potentially dangerous Request.Form value was detected from the client". The error occurs in DecryptingControllerFactory:

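 /// <summary>
 /// Controller factory that decrypts every request parameter whose name starts with the configured
 /// encryption prefix and copies the plaintext into the route data before the controller is created.
 /// </summary>
 /// <remarks>
 /// Points to keep in mind when maintaining this class:
 /// <list type="bullet">
 /// <item>Request.Params merges the query string, form, cookies and server variables, so a prefixed
 /// key is accepted from any of those sources, not only from hidden form fields.</item>
 /// <item>Reading Request.Params runs ASP.NET request validation on the posted values, so it throws
 /// HttpRequestValidationException when any field contains markup. [AllowHtml] on a model property
 /// does not help here, because this factory runs before model binding.</item>
 /// <item>NOTE(review): RijndaelStringEncrypter is not shown here. Confirm that it authenticates the
 /// ciphertext (MAC or AEAD); encryption alone does not prove a value was left unmodified.</item>
 /// </list>
 /// </remarks>
 public class DecryptingControllerFactory : DefaultControllerFactory
{
    private readonly IEncryptSettingsProvider _settings;

    /// <summary>Creates the factory with the default <c>EncryptSettingsProvider</c>.</summary>
    public DecryptingControllerFactory()
    {
        _settings = new EncryptSettingsProvider();
    }

    /// <summary>
    /// Decrypts the prefixed request parameters into <c>RouteData.Values</c>, then defers to the
    /// default controller creation.
    /// </summary>
    /// <param name="requestContext">Current request; its route data is updated in place.</param>
    /// <param name="controllerName">Name of the controller to create.</param>
    /// <returns>The controller produced by <see cref="DefaultControllerFactory"/>.</returns>
    /// <exception cref="ApplicationException">
    /// A route value already exists under the decrypted key and differs from the decrypted value.
    /// </exception>
    public override IController CreateController(System.Web.Routing.RequestContext requestContext, string controllerName)
    {
        var prefix = _settings.EncryptionPrefix;
        var parameters = requestContext.HttpContext.Request.Params;

        // AllKeys can contain null (for example a query string token without '='), so filter it out
        // before calling StartsWith. Parameter names are identifiers: compare them ordinally.
        var encryptedParamKeys = parameters.AllKeys
            .Where(x => x != null && x.StartsWith(prefix, StringComparison.Ordinal))
            .ToList();

        IRijndaelStringEncrypter decrypter = null;

        try
        {
            foreach (var key in encryptedParamKeys)
            {
                // Created lazily so requests without encrypted parameters never build a decrypter.
                if (decrypter == null)
                {
                    decrypter = GetDecrypter(requestContext);
                }

                // Strip only the leading prefix. Replace() would also remove later occurrences of
                // the prefix text inside the name and map the value onto the wrong route key.
                var oldKey = key.Substring(prefix.Length);
                var oldValue = decrypter.Decrypt(parameters[key]);

                // A route value that disagrees with the decrypted one means the plain value and
                // the encrypted value no longer match, so the request is rejected.
                var existing = requestContext.RouteData.Values[oldKey];
                if (existing != null && existing.ToString() != oldValue)
                {
                    throw new ApplicationException("Form values is modified!");
                }

                requestContext.RouteData.Values[oldKey] = oldValue;
            }
        }
        finally
        {
            // Dispose on the failure paths too (decrypt error, tamper check), so key material held
            // by the decrypter is released even when the request is rejected.
            if (decrypter != null)
            {
                decrypter.Dispose();
            }
        }

        return base.CreateController(requestContext, controllerName);
    }

    /// <summary>Builds a decrypter keyed with the settings and the action key of the request.</summary>
    private IRijndaelStringEncrypter GetDecrypter(System.Web.Routing.RequestContext requestContext)
    {
        return new RijndaelStringEncrypter(_settings, requestContext.GetActionKey());
    }

}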

The error is raised on this line:

// Request.Params is a merged view of the query string, form, cookies and server variables.
// Reading it runs ASP.NET request validation over the posted values, so the HTML posted in the
// "Body" field is rejected here. [AllowHtml] only relaxes validation during model binding, which
// has not happened yet when the controller factory runs.
var parameters = requestContext.HttpContext.Request.Params;

Error: An exception of type 'System.Web.HttpRequestValidationException' occurred in System.Web.dll but was not handled in user code

Additional information: A potentially dangerous Request.Form value was detected from the client. How can I solve this problem?

    https://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client – DanB Sep 07 '18 at 15:57

1 Answer


I solved the problem with the code below :

 // GetUnvalidatedCollections hands back getters for the form and query-string collections that
 // skip ASP.NET request validation. Nothing read through them has been screened, so treat every
 // value as untrusted and HTML-encode it before it is rendered.
 // Only the form collection is used below: unlike Request.Params, prefixed keys sent in the query
 // string or in cookies are no longer decrypted. Confirm that no caller relies on those sources.
 // NOTE(review): on ASP.NET 4.5+ Request.Unvalidated.Form gives the same raw access without the helper.
 Func<NameValueCollection> formGetter;
        Func<NameValueCollection> queryStringGetter;
        ValidationUtility.GetUnvalidatedCollections(HttpContext.Current, out formGetter, out queryStringGetter);
        var form = formGetter();
        // Select only the keys carrying the encryption prefix; the other posted fields are not touched here.
        var encryptedParamKeys = form.AllKeys.Where(x => x.StartsWith(_settings.EncryptionPrefix)).ToList();
 // Inside the existing foreach over encryptedParamKeys: decrypt the raw, unvalidated posted value.
 var oldValue = decrypter.Decrypt(form[key]);