473,563 Members | 2,667 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

hiddenfield living out of scope?

13 New Member
My ASP.NET page generates some HTML, then sticks it into a hiddenfield so a javascript can access it and write it to a popup window.

I had to disable validation for this page, as HTML inside a field triggers ASP.NET's cross-site scripting security.

Now, this was all working well and good until I changed my navigation menus from plain images and anchors to ASP:imagebutton s. The navi menu is on my masterpage and in now within the same <form> block as the contentplacehol der. This is the only change I've done.

Now, when I click a button to go to a different page, all of my pages trigger the ASP.NET cross-site scripting security because of the hiddenfield on a single page.

Now, to try and fix this, I've set the hiddenfield's viewstate to false. I hope this would stop it from posting back, to no avail. Also, I've added the following event:
Expand|Select|Wrap|Line Numbers
  1. protected void reportField_Unload(object sender, EventArgs e)
  2. {
  3.     reportField.Value = "";
  4. }
But still, the security is tripped. It seems like this hiddenfield is living way outside it it's scope... why?
Oct 10 '07 #1
1 2038
KBTibbs
13 New Member
It seems the hiddenfield isn't living too long, it's just that its life is long enough to reach the other page's request validation.

So, it occurs to me that I can disable request validation with

<% Page ValidateRequest ="false"%>

and then call Request.Validat eRequest() in the page's OnLoad event. The hiddenfield should be expired by then, and we still get input validation early enough for security, yes?

or maybe if I could just disable validation on this one field... alas hiddenfield does not accept "CausesValidati on = false"
Oct 10 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics
0
1098
ASP.NET 2.0 FormView Insert function using HiddenField - 2nd Posting
by: le_mo_mo | last post by:
Hi, I am trying to insert some data using FormView which works fine but I do not know how to include hiddenfield and bind them in the construct so I can insert information like username, date, etc.. Any body has any suggestions? Thanks, mo
ASP.NET
9
4660
updating asp:HiddenField using a foreach of submitted values?
by: Kevin Blount | last post by:
Here's the code I tried, and found it failed... <form runat="server" method="post" name="CreditCardForm" id="CreditCardForm"> <% foreach (object item in Request.Form) { if (item.ToString().IndexOf("__") != 0) { //Response.Write(item + " = " + Request.Form +
C# / C Sharp
3
1961
HiddenField value not valid
by: sklett | last post by:
I've added a HiddenField control to my page and some javascript to show it's value in an alert box when a button is pressed. The value that is displayed in the alert box is correct, but when I post the form the value for the HiddenField control is empty. I'm pretty new to ASP.net so I'm not really sure what could cause this. I'm using...
ASP.NET
3
6846
Need help getting the value in a HiddenField!
by: Jeff | last post by:
Hey ASP.NET 2.0 Below you see the code I'm having problem with. In the Open_Message event/method I want to get the value of the HiddenField at the row in the repeater control I clicked.... my goal is to get the id (not a control Id, but an id related to a database record) of a row in the repeater control. I don't want to use Get... I've...
ASP.NET
1
1485
Can a hiddenField's name be a Variable?
by: Milkstr | last post by:
I have a repeating region with a hiddenfield on each line, i want to start a counter in my reapeating reagion so that the hiddenfield becomes unique on each line. So that is the reapeating region goe to say 10 records i actually have 10 hiddenfields with unique names. I thought i could just set a variable at the start of the loop that increments...
HTML / CSS
1
3434
Help getting at value of HiddenField in a UserControl (.Net 1.1)
by: RSH | last post by:
I have a situation where I have a user control (Called TopOrangeMenu) that has an Hidden HTML Field called "txtU" I am trying to get at the value of that hidden field control from within the User Control. Hidden Field Control as it apears in the HTML of the User Control: <INPUT id="txtU" type="hidden" runat="server"> Trace Output...
ASP.NET
5
2396
HiddenField
by: hharry | last post by:
Hello All, I am trying to make use the HiddenField server control to make a server-side variable visible to a client script. I set the value of the HiddenField inside of the Page_Load event. protected void Page_Load(object sender, EventArgs e) { this.myHiddenField.Value = myVar; }
ASP.NET
1
4542
Hiddenfield in formview
by: win | last post by:
I've created a formview and bind the columns. The column ModifyUser should not be be displayed so that I've modified from Textbos to HiddenField. How can I change the bind value of a Hiddenfield and update the formview? Thank you
ASP.NET
7
11498
asp.net HiddenField ClientId
by: imbirek8 | last post by:
Hi! I would like to write something in Javascript to HiddenField: <asp:HiddenField ID="hiddenMy" runat="server" Value="" /> And in the code behind read this value. But this HiddenField is in user control. I use this control in many pages and in every page this field has different value.. I don't know why, but it's error when I do: var ...
C# / C Sharp
0
7659
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
General
0
7580
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
Windows Server
0
7882
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
C / C++
0
7945
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
General
0
6244
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
Career Advice
1
5481
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
Microsoft Access / VBA
0
5208
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
C# / C Sharp
1
2079
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
1
1194
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us