So I'm having an issue with one of my DTGE types not rending in the backoffice. It seems to be because it has an RTE datatype set up on it. When I debug I can see that a HttpRequestValidationException is being thrown - A potentially dangerous Request.Form value was detected from the client. And I can see my RTE content (html tags etc) in the exception.... I'm not sure how to resolve!
It renders fine in the front end. It's just the backoffice where it's causing an issue.
I figured this out. My solution was based on the Hybrid Framework which uses DonutCaching. The DonutCaching was throwing a wobbler with the HTML in the request. I extended the DonutOutputCacheAttribute and now check for dtgePreview in the QueryString when executing. If it's there I just return instead of processing. Problem solved!
The problem seems to lie in the fact that the KeyGenerator is generating a cacheKey, whether the resulting request will be cashed or not.
Maybe it would be better to generate it after it has been determined this request needs to be cashed. Pretty useless otherwise.
I want POST request not cached anyway (OutputCacheOptions.NoCacheLookupForPosts), so I "solved" it for myself by forcing the option OutputCacheOptions.IgnoreFormData. It stops the KeyGenerator from inspecting the Form-values, which triggers the validation problem for RTE's in dtgePreview.
I hope anyone can still benefit from this, but would be better if the cachekey was generated later.
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
this.Options |= OutputCacheOptions.IgnoreFormData;
//.. all your other stuff
base.OnActionExecuting(filterContext);
}
DTGE not rendering in backoffice - RTE Request Validation Problem?
Hullo!
So I'm having an issue with one of my DTGE types not rending in the backoffice. It seems to be because it has an RTE datatype set up on it. When I debug I can see that a HttpRequestValidationException is being thrown - A potentially dangerous Request.Form value was detected from the client. And I can see my RTE content (html tags etc) in the exception.... I'm not sure how to resolve!
It renders fine in the front end. It's just the backoffice where it's causing an issue.
Confused!
I figured this out. My solution was based on the Hybrid Framework which uses DonutCaching. The DonutCaching was throwing a wobbler with the HTML in the request. I extended the DonutOutputCacheAttribute and now check for dtgePreview in the QueryString when executing. If it's there I just return instead of processing. Problem solved!
Nice detective work. Thanks for sharing your findings.
Thanks for sharing :) A code sample of how you extended would be nice, just for future reference.
no problem, here you go:
https://gist.github.com/alanmac/f8f1c81057a1af90c66d
This happened for me, only if I loaded a page with the same controller at least once, and the grid had a RTE in it.
Pretty much nothing worked:
ConfigurationManager.AppSettings["Umbraco.DPC.Theme.IsBackOffice"]as used here to override validation here https://gist.github.com/geoffbeaumont/a314caab1c96a604869fe92cf7f9f965 it isn't set when I tried to use it.UmbracoContext.Current.Security.IsAuthenticated()instead, didnt' work!I'm giving up: this controller will not be cached.
First and last time I'm using donut caching!
The problem seems to lie in the fact that the KeyGenerator is generating a cacheKey, whether the resulting request will be cashed or not.
Maybe it would be better to generate it after it has been determined this request needs to be cashed. Pretty useless otherwise.
I want POST request not cached anyway (OutputCacheOptions.NoCacheLookupForPosts), so I "solved" it for myself by forcing the option OutputCacheOptions.IgnoreFormData. It stops the KeyGenerator from inspecting the Form-values, which triggers the validation problem for RTE's in dtgePreview.
I hope anyone can still benefit from this, but would be better if the cachekey was generated later.
is working on a reply...