473,399 Members | 4,177 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > clientscriptmanager.registerforeventvalidation

Join Bytes to post your question to a community of 473,399 software developers and data experts.

ClientScriptManager.RegisterForEventValidation

Hi.

I have an asp:dropdown control to which I add items on the client, when the
page is posted back I get this error message.
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page. For security purposes,
this feature verifies that arguments to postback or callback events
originate from the server control that originally rendered them. If
the data is valid and expected, use the
ClientScriptManager.RegisterForEventValidation method in order to
register the postback or callback data for validation
A quick trawl on google hasn't turned up much except that I could set
enableEventValidation=false, this does work, but I'm reluctant as I'm unsure
what security/checking this feature provides.
I can't find any examples(working) of how I could use
ClientScriptManager.RegisterForEventValidation instead of turning off event
validation to solve my problem.

Help please.....

--
Stewart Bellamy
Ingenuity@work
Dec 6 '05 #1
2 12234
event validation checks the event and value are legal for the current
postback.

background: asp 1.1 web sites had a common user coded security bug. many
asp.net coders would control access to their site by disabling, making
invisible, or changing the value of control that performed functions the
user was not allowed. the onclick events would not recheck permissions, so a
hacker could easily perform these functions by postiing a response that
faked the button/value press (trival to do).

so, in asp 2.0, the default is to only allow events for controls that were
enabled, visible at page render, and that the value (in the case of a
button and dropdowns,etc ) matched the renderd values.

in your case, .net is detecting that the value posted back was not on the
list that it rendered, thus its detecting a a client hack. as you site is
expecting this behavior, you need to turn off the default checking,
ClientScriptManager.RegisterForEventValidation can be used for this, rather
than turning it off for the whole page/site.

-- bruce (sqlwork.com)

"stewart" <st*****@nospam.co.uk> wrote in message
news:%2********************@TK2MSFTNGP15.phx.gbl.. .
Hi.

I have an asp:dropdown control to which I add items on the client, when
the page is posted back I get this error message.
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page. For security purposes,
this feature verifies that arguments to postback or callback events
originate from the server control that originally rendered them. If
the data is valid and expected, use the
ClientScriptManager.RegisterForEventValidation method in order to
register the postback or callback data for validation
A quick trawl on google hasn't turned up much except that I could set
enableEventValidation=false, this does work, but I'm reluctant as I'm
unsure what security/checking this feature provides.
I can't find any examples(working) of how I could use
ClientScriptManager.RegisterForEventValidation instead of turning off
event validation to solve my problem.

Help please.....

--
Stewart Bellamy
Ingenuity@work

Dec 6 '05 #2
Great Bruce, thanks for clarifying that for me.

--
Stewart Bellamy
Ingenuity@work
"Bruce Barker" <br******************@safeco.com> wrote in message
news:uN****************@TK2MSFTNGP14.phx.gbl...
event validation checks the event and value are legal for the current
postback.

background: asp 1.1 web sites had a common user coded security bug. many
asp.net coders would control access to their site by disabling, making
invisible, or changing the value of control that performed functions the
user was not allowed. the onclick events would not recheck permissions, so
a hacker could easily perform these functions by postiing a response that
faked the button/value press (trival to do).

so, in asp 2.0, the default is to only allow events for controls that were
enabled, visible at page render, and that the value (in the case of a
button and dropdowns,etc ) matched the renderd values.

in your case, .net is detecting that the value posted back was not on the
list that it rendered, thus its detecting a a client hack. as you site is
expecting this behavior, you need to turn off the default checking,
ClientScriptManager.RegisterForEventValidation can be used for this,
rather than turning it off for the whole page/site.

-- bruce (sqlwork.com)

"stewart" <st*****@nospam.co.uk> wrote in message
news:%2********************@TK2MSFTNGP15.phx.gbl.. .
Hi.

I have an asp:dropdown control to which I add items on the client, when
the page is posted back I get this error message.
Invalid postback or callback argument. Event validation is enabled
using <pages enableEventValidation="true"/> in configuration or <%@
Page EnableEventValidation="true" %> in a page. For security purposes,
this feature verifies that arguments to postback or callback events
originate from the server control that originally rendered them. If
the data is valid and expected, use the
ClientScriptManager.RegisterForEventValidation method in order to
register the postback or callback data for validation
A quick trawl on google hasn't turned up much except that I could set
enableEventValidation=false, this does work, but I'm reluctant as I'm
unsure what security/checking this feature provides.
I can't find any examples(working) of how I could use
ClientScriptManager.RegisterForEventValidation instead of turning off
event validation to solve my problem.

Help please.....

--
Stewart Bellamy
Ingenuity@work


Dec 7 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
ClientScriptManager.RegisterForEventValidation
by: André | last post by:
Hi, i'm trying to get data from a asp.net 2.0 list box. The data is filled from javascript. i get this error Invalid postback or callback argument. Event validation is enabled using <pages...
ASP.NET
3
Sample usage of ClientScriptManager.RegisterForEventValidation
by: n33470 | last post by:
Hi all, I have a dropDownList on a web page that is populated by client-side script. I get an error on PostBack of the page. I've seen quite a few posts about this, so I understand the issue,...
ASP.NET
0
ClientScriptManager without a page...
by: Lloyd Dupont | last post by:
At some stage I'm inherithing from a kind of 'web component' which don't inherit from SWU.Control and have no ClientScript property. However I need to know (in order to make it work) an URL which...
ASP.NET
7
Callback ClientScriptManager.RegisterForEventValidation
by: Varangian | last post by:
Hi all, I have a question, what does the function ClientScriptManager.RegisterForEventValidation really does? Does it means securing your client side code? more security? The question is how...
ASP.NET
1
ClientScriptManager.ValidateEvent feature and how to work with it.
by: chris | last post by:
This topic is to get some details about the Event Validation feature in ASP.NET 2.0. I have researched this topic quite a bit via the web, and understand, for the most part how this works and why...
ASP.NET
2
RegisterForEventValidation can only be called during Render()
by: Albert | last post by:
I’ve been getting this error after converting my app from .NET 1.1 to .Net 2.0. RegisterForEventValidation can only be called during Render() An error occurs when I call ...
ASP.NET
2
ClientScriptManager.RegisterClientScriptBlock vs ClientScriptManager.RegisterClientScript
by: DNB | last post by:
What is the difference between ClientScriptManager.RegisterClientScriptBlock and ClientScriptManager.RegisterClientScript Thanks DNB
ASP.NET
1
ScriptManager and ClientScriptManager
by: news.rz.uni-karlsruhe.de | last post by:
What exactly is the difference between ScriptManager and ClientScriptManager? Do I use the ScriptManager whenever I use a script on an asp-ajax enabled page and the ClientScriptmanager...
ASP.NET
7
What does this ClientScriptManager code do??
by: AAaron123 | last post by:
I read the help on which says: The ClientScriptManager class is used to manage client-side scripts and add them to Web applications... But could use a little help. Can someone tell me what...
ASP.NET
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!