Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button. These
rows can contain asp.net controls. When this button is selected, the row is
added using JavaScript. The script uses cloneNode to clone a hidden template
row and all of its children and then adds the new row to the table, updates
all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created in
server-side code and then hidden on the client using javascript so that the
user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page, but
with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is there
any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidation( control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
4  4438 
event validation is to prevent hacking. it checks that postbacks are not done
by invisible controls or non-existent controls, for lists, the value is in
the list, etc.
you turn off event validation at the page level , then call
RegisterForEventValidation for all controls on the page, to have their events
and postback values validated.
-- bruce (sqlwork.com)
"Lewis Holmes" wrote:
Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button. These
rows can contain asp.net controls. When this button is selected, the row is
added using JavaScript. The script uses cloneNode to clone a hidden template
row and all of its children and then adds the new row to the table, updates
all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created in
server-side code and then hidden on the client using javascript so that the
user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page, but
with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is there
any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidation( control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
Hi Lewis,
As for the exception you mentioned, it does be caused by the Event
Validation since you have some javascript generated html field which will
post data to server-side. So far the "EventValidation" can only be
configured at page level. Though it may involve some risk, but it is
necessary if we need to include dynamically generated html fields on page.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at: ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Lewis Holmes" <en***@nospam.nospam>
Subject: EnableEventValidation exception when dynamically adding controls
on client with JavaScript
>Date: Wed, 30 Apr 2008 13:33:53 +0100
>
Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button.
These
>rows can contain asp.net controls. When this button is selected, the row
is
>added using JavaScript. The script uses cloneNode to clone a hidden
template
>row and all of its children and then adds the new row to the table,
updates
>all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created
in
>server-side code and then hidden on the client using javascript so that
the
>user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page,
but
>with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is
there
>any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidation (control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
Hi Steven
Thank you for reply. It is good to get confirmation on this issue.
Kind Regards
Lewis
"Steven Cheng [MSFT]" <st*****@online.microsoft.comwrote in message
news:kA**************@TK2MSFTNGHUB02.phx.gbl...
Hi Lewis,
As for the exception you mentioned, it does be caused by the Event
Validation since you have some javascript generated html field which will
post data to server-side. So far the "EventValidation" can only be
configured at page level. Though it may involve some risk, but it is
necessary if we need to include dynamically generated html fields on page.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
>>From: "Lewis Holmes" <en***@nospam.nospam>
Subject: EnableEventValidation exception when dynamically adding controls
on client with JavaScript
>>Date: Wed, 30 Apr 2008 13:33:53 +0100
>>
Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button.
These
>>rows can contain asp.net controls. When this button is selected, the row
is
>>added using JavaScript. The script uses cloneNode to clone a hidden
template
>>row and all of its children and then adds the new row to the table,
updates
>>all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created
in
>>server-side code and then hidden on the client using javascript so that
the
>>user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page,
but
>>with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is
there
>>any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidatio n(control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
Thanks for your reply Lewis,
If you have anything else need help later, welcome to post here also.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at: ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Lewis Holmes" <en***@nospam.nospam>
References: <CE**********************************@microsoft.co m>
<kA**************@TK2MSFTNGHUB02.phx.gbl>
>In-Reply-To: <kA**************@TK2MSFTNGHUB02.phx.gbl>
Subject: Re: EnableEventValidation exception when dynamically adding
controls on client with JavaScript
>Date: Thu, 1 May 2008 08:53:28 +0100
>
Hi Steven
Thank you for reply. It is good to get confirmation on this issue.
Kind Regards
Lewis
"Steven Cheng [MSFT]" <st*****@online.microsoft.comwrote in message
news:kA**************@TK2MSFTNGHUB02.phx.gbl...
>Hi Lewis,
As for the exception you mentioned, it does be caused by the Event
Validation since you have some javascript generated html field which will
post data to server-side. So far the "EventValidation" can only be
configured at page level. Though it may involve some risk, but it is
necessary if we need to include dynamically generated html fields on
page.
>>
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you.
Please
>feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.
================================================= =
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
>ications.
================================================= =
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
>>>From: "Lewis Holmes" <en***@nospam.nospam>
Subject: EnableEventValidation exception when dynamically adding controls
on client with JavaScript
>>>Date: Wed, 30 Apr 2008 13:33:53 +0100
>>>
Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button.
These
>>>rows can contain asp.net controls. When this button is selected, the row
is
>>>added using JavaScript. The script uses cloneNode to clone a hidden
template
>>>row and all of its children and then adds the new row to the table,
updates
>>>all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created
in
>>>server-side code and then hidden on the client using javascript so that
the
>>>user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page,
but
>>>with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new
controls
>>>on the client which are posting values back to the server), however is
there
>>>any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so
from
>>>what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidati on(control.ID);
}
If there is no other way to stop this exception from happening, what can
I
>>>do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Ashish Shridharan |
last post by:
Hi All
I have been trying to add a control to the header cell of
a datagrid on my ASP.NET page. These controls are defined
in the HTML as ASP.NET web controls.
They are being added into the...
|
by: Wim |
last post by:
Hi Everyone,
I'm trying to speed up a Asp.net 1.1 applications' performance. The
application needs to run in an environment with little bandwith and
therefore pagesizes and roundtrip times shoud...
|
by: Mihir |
last post by:
Hi There,
I've problem while I submit a button where I used AJAX, I created
simple page which will search the customer name from database using
AJAX. Once I search customer ID i need to search...
|
by: Jarod |
last post by:
I got following expeption:
Always when I try to update gridView using detailsView on the SECOND time.
So I made 1 update, and I try to make another one and than boom... I don't
add any controls...
|
by: bill |
last post by:
I dynamically create buttons and associate them with an event using
AddHandler.
I want all the button events to fire at one time, when the page is posted,
instead of when each button is clicked....
|
by: A.Wussow |
last post by:
Hi Everybody,
i want to load dynamically content from some user controls (with forms,
or some data-controls) using atlas. So i use an UpdatePanel for loading
the user control into a placeholder....
|
by: =?Utf-8?B?V2luRGV2?= |
last post by:
We have an ASP.Net v1.1 application that gets the error Error Message:Invalid
postback or callback argument. Event validation is enabled using <pages
enableEventValidation="true"/in configuration...
|
by: Shraddha |
last post by:
Hi,
I am adding some ASP.Net user controls (.ascx file) dynamically on the
button click. The user control will get added as many times userhits
the button. Now on the click of the submit button, I...
|
by: semomaniz |
last post by:
I have a form where i have created the form dynamically. First i manually added a panel control to the web page. Then i added another panel dynamically and inside this panel i created tables. I have...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
