473,499 Members | 1,539 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

hiddenfield living out of scope?

13 New Member
My ASP.NET page generates some HTML, then sticks it into a hiddenfield so a javascript can access it and write it to a popup window.

I had to disable validation for this page, as HTML inside a field triggers ASP.NET's cross-site scripting security.

Now, this was all working well and good until I changed my navigation menus from plain images and anchors to ASP:imagebuttons. The navi menu is on my masterpage and in now within the same <form> block as the contentplaceholder. This is the only change I've done.

Now, when I click a button to go to a different page, all of my pages trigger the ASP.NET cross-site scripting security because of the hiddenfield on a single page.

Now, to try and fix this, I've set the hiddenfield's viewstate to false. I hope this would stop it from posting back, to no avail. Also, I've added the following event:
Expand|Select|Wrap|Line Numbers
  1. protected void reportField_Unload(object sender, EventArgs e)
  2. {
  3.     reportField.Value = "";
  4. }
But still, the security is tripped. It seems like this hiddenfield is living way outside it it's scope... why?
Oct 10 '07 #1
1 2029
KBTibbs
13 New Member
It seems the hiddenfield isn't living too long, it's just that its life is long enough to reach the other page's request validation.

So, it occurs to me that I can disable request validation with

<% Page ValidateRequest="false"%>

and then call Request.ValidateRequest() in the page's OnLoad event. The hiddenfield should be expired by then, and we still get input validation early enough for security, yes?

or maybe if I could just disable validation on this one field... alas hiddenfield does not accept "CausesValidation = false"
Oct 10 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics
0
1093
ASP.NET 2.0 FormView Insert function using HiddenField - 2nd Posting
by: le_mo_mo | last post by:
Hi, I am trying to insert some data using FormView which works fine but I do not know how to include hiddenfield and bind them in the construct so I can insert information like username, date,...
ASP.NET
9
4654
updating asp:HiddenField using a foreach of submitted values?
by: Kevin Blount | last post by:
Here's the code I tried, and found it failed... <form runat="server" method="post" name="CreditCardForm" id="CreditCardForm"> <% foreach (object item in Request.Form) { if...
C# / C Sharp
3
1955
HiddenField value not valid
by: sklett | last post by:
I've added a HiddenField control to my page and some javascript to show it's value in an alert box when a button is pressed. The value that is displayed in the alert box is correct, but when I...
ASP.NET
3
6841
Need help getting the value in a HiddenField!
by: Jeff | last post by:
Hey ASP.NET 2.0 Below you see the code I'm having problem with. In the Open_Message event/method I want to get the value of the HiddenField at the row in the repeater control I clicked.... my...
ASP.NET
1
1480
Can a hiddenField's name be a Variable?
by: Milkstr | last post by:
I have a repeating region with a hiddenfield on each line, i want to start a counter in my reapeating reagion so that the hiddenfield becomes unique on each line. So that is the reapeating region goe...
HTML / CSS
1
3430
Help getting at value of HiddenField in a UserControl (.Net 1.1)
by: RSH | last post by:
I have a situation where I have a user control (Called TopOrangeMenu) that has an Hidden HTML Field called "txtU" I am trying to get at the value of that hidden field control from within the...
ASP.NET
5
2388
HiddenField
by: hharry | last post by:
Hello All, I am trying to make use the HiddenField server control to make a server-side variable visible to a client script. I set the value of the HiddenField inside of the Page_Load event. ...
ASP.NET
1
4533
Hiddenfield in formview
by: win | last post by:
I've created a formview and bind the columns. The column ModifyUser should not be be displayed so that I've modified from Textbos to HiddenField. How can I change the bind value of a Hiddenfield...
ASP.NET
7
11489
asp.net HiddenField ClientId
by: imbirek8 | last post by:
Hi! I would like to write something in Javascript to HiddenField: <asp:HiddenField ID="hiddenMy" runat="server" Value="" /> And in the code behind read this value. But this HiddenField is in...
C# / C Sharp
0
7130
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7171
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7220
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
6893
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7386
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
1
4918
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
3098
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
1427
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
295
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us