Code Behide on asp.net (my problem)

Apr 11, 2008 at 2:50 PM
Edited Apr 11, 2008 at 2:51 PM
How can I get html code from RTE in code behind? Please help me.
(I use VS 2008)

HTML
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="WBN.aspx.vb" Inherits="WBN" MasterPageFile="~/MasterPage2.master" %>

<%@ Register Assembly="FredCK.FCKeditorV2" Namespace="FredCK.FCKeditorV2" TagPrefix="FCKeditorV2" %>

<%@ Register assembly="RichTextEditor" namespace="AjaxControls" tagprefix="cc1" %>

<asp:Content ID="Content1" ContentPlaceHolderID="cphHead" Runat="Server">

<script type="text/javascript">
function dosub(){
editor = top.document.getElementById(editorId);
editor.value = richeditor.toHtmlString();

}
</script>

</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="cphMain" Runat="Server">
<div>
<asp:Panel ID="Panel1" runat="server" >


<br /> <br />
<table>
<tr>
<td colspan=2>
<b>Title</b><br />
<asp:TextBox ID="txtTopic" runat="server" Width="300px" ></asp:TextBox>

</td>
</tr>
<tr>
<td colspan=2>
<b>Detail</b><br />
<cc1:RichTextEditor ID="Rte1" Theme="Blue" runat="server" />
</td>
</tr>
<tr>
<%--<td>ชื่อ</td>--%>
<td colspan=2>
<b>ชื่อ</b><br />
<asp:TextBox ID="txtName" runat="server" Width="300px" ></asp:TextBox>
</td>
</tr>
<tr>
<td colspan=2 align="center">
<asp:Button ID="cmdPost" runat="server" Text="Post" Width="80px" />
<asp:Button ID="cmdCancel" runat="server" Text="Cancel" Width="80px" />

</td>
</tr>
</table>
</asp:Panel>
</div>
</asp:Content>

CODE BEHIND
Protected Sub cmdPost_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdPost.Click
Dim adox As New clsAdoX(Me, m_strConn)
Dim strFileName As String = ""
Dim strLocalFileName As String = ""
Dim strSQL As String

Try
Dim html As String = Me.Page.Request.Form("ctl00$cphMain$editor") '--> I can't get html from here

strSQL = "INSERT INTO QUESTION (QID, QTOPIC, Q_NOTE"
strSQL &= ", QIP, QDATE, QPOSTNAME, QPICPATH)"
strSQL &= "VALUES ("
strSQL &= ValueForSQL(m_intQID)
strSQL &= "," & ValueForSQL(txtTopic.Text)
strSQL &= "," & ValueForSQL(Rte1.Text)
strSQL &= "," & ValueForSQL(Request.UserHostAddress())
strSQL &= "," & ValueForSQL(Now.ToString("yyyy/M/d HH:mm:ss"))
strSQL &= "," & ValueForSQL(txtName.Text)
strSQL &= "," & ValueForSQL(strFileName)
strSQL &= ")"

adox.Execute(strSQL)

'---------------------------------------------------------------


Catch ex As Exception
adox.RollbackTransaction()
End Try
End Sub
Apr 11, 2008 at 8:07 PM
Edited Apr 11, 2008 at 8:08 PM
If you haven't already add the following to your Page Load event:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Page.Form.Attributes.Add("onSubmit", "CopyText(); return true;")
'
'whatever else you need to handle
'
End Sub

CopyText is a javascript function built in to the RTE which helps migrate the RTE HTML from client to server-side.

If you already have this and are still having problems, try putting a debug break point somewhere in your code-behind and navigate to Me.Page.Request.Form.AllKeys in your locals window and make sure that:
1. there is an entry of: [some id's]$editor in the list of keys
2. that you have unique id name correct in your code

Hope this helps
Apr 12, 2008 at 5:57 AM
Now, I added Page Load event to my code.

*A potentially dangerous Request.Form value was detected from the client (ctl00$cphMain$editor="<P align=left><FONT ...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$cphMain$editor="<P align=left><FONT ...").*

This error is appeared when I click post the message.

How can I do? Thank you very much.
Apr 14, 2008 at 12:03 PM
You are experiencing this error because you have the ValidateRequest property set to "true". The ValidateRequest property protects the website against potential harmful code being passed through the page request. When the HTML of the RichTextEditor is passed through the Page Request the Validator notices the html markup and throughs an error.

The quick solution is to turn the ValidateRequest property off by modifying the top of your *.aspx file, like so:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" ValidateRequest="false"

If you are concerned about the potential security risks involved with doing so a longer solution can be implemented. You can try modifying the RTE source code to encode the html in to a format that passes the request validator. See http://www.codeplex.com/rte/Thread/View.aspx?ThreadId=22248 for more details.

For more info on the ValidateRequest property see http://msdn2.microsoft.com/en-us/library/system.web.httprequestvalidationexception.aspx

Hope this helps