I've got a textbox that a user can enter html into. I want to save the contents of the box including any html, but when the user clicks the <asp:button, before any other code is called, the browser error message
A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtGeneral="...R
pops up. Googled the fix for this and I added
ValidateRequest="False"
to the page and
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
to web.config
Now I get a different message
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster
which google says needs me to add
<machineKey validation="SHA1"
validationKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4CB2A1A1B2C3D4 E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1B2C3D4E5"
decryption="Auto"
decryptionKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1" />
to the web.config.
Even with this chunk in the web.config however, the browser still returns the "Validation of viewstate MAC failed." message.
Any ideas on how to fix this or more importantly, is there a way of bypassing this junk. I've got code to check for injection attack that will run before the save is made, I just want the browser to process the click. I know it's in there for security but there seems no way to get html out of a text area to a place it can be processed in whatever way you want.
How does everyone else process html in a text areaa?
Thanks
A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtGeneral="...R
pops up. Googled the fix for this and I added
ValidateRequest="False"
to the page and
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
to web.config
Now I get a different message
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster
which google says needs me to add
<machineKey validation="SHA1"
validationKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4CB2A1A1B2C3D4 E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1B2C3D4E5"
decryption="Auto"
decryptionKey="A1B2C3D4E5F6F6E5D4C3B2A1A1B2C3D4E5F6F6E5D4C3B2A1" />
to the web.config.
Even with this chunk in the web.config however, the browser still returns the "Validation of viewstate MAC failed." message.
Any ideas on how to fix this or more importantly, is there a way of bypassing this junk. I've got code to check for injection attack that will run before the save is made, I just want the browser to process the click. I know it's in there for security but there seems no way to get html out of a text area to a place it can be processed in whatever way you want.
How does everyone else process html in a text areaa?
Thanks