HTML tags in comments

Topics: Support Request
Apr 9, 2009 at 12:05 PM
Edited Apr 9, 2009 at 12:08 PM
I'm running latest oficial DasBlog release and have some troubles with HTML tags usage in comments. In configuration page I allow some HTML tags in comments. When I'm logged on as admin - all works fine. However my guests (readers) cannot use HTML tags. When they post comment, they receive error:

at DasBlog EventLog I have this message:
An error has been encountered while processing the page. We have logged the error condition and are working to correct the problem. We apologize for any inconvenience.

Error:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (_ctl2:comment="<b>test</b>").
at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at DotNetOpenId.Util.GetQueryFromContextNVC() in c:\git\dotnetopenid\src\DotNetOpenId\Util.cs:line 131
at DotNetOpenId.RelyingParty.OpenIdRelyingParty..ctor() in c:\git\dotnetopenid\src\DotNetOpenId\RelyingParty\OpenIdRelyingParty.cs:line 105
at newtelligence.DasBlog.Web.CommentViewBox.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
while processing http://www.sysadmins.lv/CommentView.aspx?guid={GUID}

I don't use OpenID.

any help will appreciated!
Oct 26, 2009 at 4:10 PM

I'm seeing the same exception:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (_ctl30:comment="...gra[/url] at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at DotNetOpenId.Util.GetQueryFromContextNVC() in c:\git\dotnetopenid\src\DotNetOpenId\Util.cs:line 131
at DotNetOpenId.RelyingParty.OpenIdRelyingParty..ctor() in c:\git\dotnetopenid\src\DotNetOpenId\RelyingParty\OpenIdRelyingParty.cs:line 105
at newtelligence.DasBlog.Web.CommentViewBox.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
while processing http://bryantlikes.com/CommentView.aspx?guid=450ba014-3672-4655-b389-ab9bcc125163.

 

Oct 26, 2009 at 4:25 PM

As workaround I was forced to disable html tags in comments. this is so bad :(

Developer
Oct 27, 2009 at 11:49 AM

It's been a while since I remember this happening to me, but I believe this was caused by a combination of HTML comments being enabled in combination with the Calendar control being present. I think if you disable the calendar control, it might work for you.

Dec 6, 2009 at 5:52 PM

I have tried to remove calendar macro from blog, but problem still exist, guests cannot use HTML tags :(