while trying to process some user input which contains characters such as <.
I do want to sanitize this input and allow it to be displayed and be XSS safe.
I’m getting this ajax error even though I haven’t reached the VB code-behind to clean up the input.
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500
The input is controlled by a btnNoteSave which is an UpdatePanel trigger.
    <div style="width: 100%; float: left">
        <div>
            <asp:Button ValidationGroup="valgroup1" ID="btnNoteSave" runat="server" Text="Save"
                class="ui-state-default ui-corner-all float-left ui-button" />
        </div>
    </div>
    <div style="width: 100%; float: left">
        <asp:UpdatePanel ID="pnlNotes" runat="server">
            <ContentTemplate>
                <div id="content_container" style="margin-top: 85px">
                    <asp:Label ID="lblNotes" runat="server"></asp:Label>
                </div>
            </ContentTemplate>
            <Triggers>
                <asp:AsyncPostBackTrigger ControlID="btnNoteSave" EventName="click" />
            </Triggers>
        </asp:UpdatePanel>
    </div>
I’ve tried sanitizing my input in the code behind but I’m not even reaching that far. The error is an ajax error that throws when it reaches here.
    Protected Sub btnNoteSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnNoteSave.Click
        ....
        newnote.Note = Server.HtmlEncode(txtNote.Text)
        ....
    End Sub
Any ideas how to deal with these issues?
Thanks,
You probably need to add ValidateRequest="false" to the @Page directive of your page (or to the <pages> element in your web.config file). This disables XSS checking by ASP.NET that is triggered when it encounters < > characters.
If you are still getting 500 errors from the PageRequestManager, try temporarily moving the controls outside of the UpdatePanel so you can better inspect the runtime error.
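An added example, not part of the original question or answer: with ValidateRequest="false" the request is no longer rejected by ASP.NET, so encoding in your own code is the only thing that keeps markup typed into a note from being rendered, because a Label writes its Text to the page unencoded. This stand-alone VB.NET console module uses System.Net.WebUtility.HtmlEncode; RenderNotes and the sample notes are hypothetical and constructed for illustration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports System.Text

Module NoteRenderingDemo

    ' Hypothetical helper: builds the markup that would be assigned to lblNotes.Text.
    ' Each note is HTML-encoded here because the Label will not encode it.
    Function RenderNotes(ByVal storedNotes As IEnumerable(Of String)) As String
        Dim html As New StringBuilder()
        For Each note As String In storedNotes
            html.Append("<p>").Append(WebUtility.HtmlEncode(note)).Append("</p>")
        Next
        Return html.ToString()
    End Function

    Sub Main()
        ' Constructed sample input, as a user might type it into the note box.
        Dim rawNotes As New List(Of String) From {
            "if a < b then swap",
            "<script>alert(1)</script>",
            "Tom & Jerry <b>bold</b>"
        }

        ' Case 1: notes stored raw and encoded once, at render time.
        ' The angle brackets and ampersand reach the browser as entities,
        ' so the notes display as typed and nothing is parsed as markup.
        Console.WriteLine(RenderNotes(rawNotes))

        ' Case 2: notes encoded at save time and encoded again at render time.
        ' The second pass encodes the "&" of every entity, so the page shows
        ' the entity text itself instead of the character the user typed.
        Dim encodedAtSave As New List(Of String)()
        For Each note As String In rawNotes
            encodedAtSave.Add(WebUtility.HtmlEncode(note))
        Next
        Console.WriteLine(RenderNotes(encodedAtSave))
    End Sub

End Module
```

Whichever point you encode at, do it exactly once on the path from stored value to lblNotes.Text.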