July 2010 Blog Posts

Update

I’ve updated my solution for this issue to be more robust and easier to follow. Please read the latest post instead.

TinyMCE is a great little WYSIWYG JavaScript text editor that we use quite often inside administration pages. It’s lightweight and just works out of the box.

Well, except for the little issue of HTML encoding its output. When you submit an ASP.NET form that contains the TinyMCE text editor, you get this lovely message:

A potentially dangerous Request.Form value was detected from the client (ctl00$ContentBody$TextBoxBodyHtml="<p>Test!</p>").

Which is good, because that’s ASP.NET doing some checking and helping to protect your site from XSS attacks.

The standard solution you see floating around the web is to turn off Validation for the page entirely. This gets more hairy when you’re talking about ASP.NET 4.0 – you end up having to force the entire web application to use the ASP.NET 2.0 validation model.

I’ve never liked this method, and I doubt anyone who has used it in the past has felt great about it either. Validation is there for a reason.

The real solution is to use the built-in output encoding option on the TinyMCE control, and then HtmlDecode the output yourself on the server-side (if you want to).

<tinymce:TextArea id="TextBoxBodyHtml" encoding="xml" runat="server" />
public string BodyHtml
{
    get { return HttpUtility.HtmlDecode(TextBoxBodyHtml.Value); }
    set { TextBoxBodyHtml.Value = value; }
}

So, with the encoding option set to XML, TinyMCE posts back the already-encoded HTML chunk, and ASP.NET’s XSS validation doesn’t get tripped. Everyone’s happy!

According to the TinyMCE manual:

This option is set to nothing by default and is therefore disabled.

I’d love it if they changed that around and encoded everything by default.

Ran across this one today, and because it’s weird and annoying I thought I’d post a solution. You can thank me later!

The problem goes like this: You’re using Visual Studio 2010 and trying to add a control to an APSX page in an ASP.NET Web Application targeted to .NET 4.0, and some controls don’t show up in IntelliSense. When you type the tag manually, Visual Studio complains that

Element 'ListView' is not a known element. This can occur if there is a compilation error in the Web site, or the web.config file is missing.

The application builds fine, and doesn’t throw any errors when you run it.

After a bit of Googling, I found the solution on the ASP.NET forums:

Close Visual Studio, delete the schema cache, and re-open Visual Studio. You can find the schemas under something like:

C:\Users\Pavel\AppData\Roaming\Microsoft\VisualStudio\10.0\ReflectedSchemas

It is safe to delete all files in this folder.

Delete the contents of that above folder, and all is well.

Search

Site Sections

Recent Posts

Archives

Post Categories

WHS Add-In Tutorial

WHS Blogs

WHS Development