while trying to process some user input which contains characters such as <.
I do want to sanitize this input and allow it to be displayed and be XSS safe.
I'm getting this ajax error even though I haven't reached the the vb code behind to clean up the input.
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500
The input is controlled by a btnNoteSave which is a updatepanel trigger.
<div style="width: 100%; float: left">
<div>
<asp:Button ValidationGroup="valgroup1" ID="btnNoteSave" runat="server" Text="Save"
class="ui-state-default ui-corner-all float-left ui-button" />
</div>
</div>
<div style="width: 100%; float: left">
<asp:UpdatePanel ID="pnlNotes" runat="server">
<ContentTemplate>
<div id="content_container" style="margin-top: 85px">
<asp:Label ID="lblNotes" runat="server"></asp:Label>
</div>
</ContentTemplate>
<Triggers>
<asp:AsyncPostBackTrigger ControlID="btnNoteSave" EventName="click" />
</Triggers>
</asp:UpdatePanel>
</div>
I've tried sanitizing my input in the code behind but I'm not even reaching that far. The error is an ajax error that throws when it reaches here.
Protected Sub btnNoteSave_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnNoteSave.Click
....
newnote.Note = Server.HtmlEncode(txtNote.Text)
....
End Sub
Any ideas how to get deal with these issues?
Thanks,
You probably need to add ValidateRequest="false" to the #Page directive of your page (or to the <pages> element in your web.config file. This disables XSS checking by ASP.NET that is triggered when it encountered < > characters.
If you are still getting 500 errors from the PageRequestManager try temporarily moving the controls outside of the UpdatePanel so you can better inspect the runtime error.
Related
I have an aspx page, with an asp:DropDownList (here DropDownList_AuthenticationMode).
The element has a OnSelectedIndexChanged as well, and the AutoPostBack attribute set at true.
When this dropdownlist value changes, a request starts and the function Page_Load is triggered, but not the "DropDownList_AuthenticationMode_SelectedIndexChanged" one.
IsPostBack is also always false in the Page_Load function.
I tried a lot of things without having this function triggered.
The end button with the OnClick attribute launches the same thing, without triggering the GetQrCode method.
Is there something I could have forgot ?
<form id="Form1" runat="server">
<div class="rowflex" id="scrollableContent">
<div class=stepContent>
<div>
<span><asp:Literal ID="Literal_GetQrcode" runat="server"/></span>
<br/>
<br/>
<span><asp:Literal ID="Literal_FolderId" runat="server"/></span>
<br/>
Logout
<br/>
<br/>
<span><asp:Literal ID="Literal_URL" runat="server"/></span>
<br/>
<asp:TextBox ID="TextBox_URL" runat="server" style="width: 400px; max-width: 600px"/>
<br/>
<br/>
<span><asp:Literal ID="Literal_AuthenticationMode" runat="server"/></span>
<br/>
<asp:DropDownList ID="DropDownList_AuthenticationMode" runat="server" AutoPostBack="true" onselectedindexchanged="DropDownList_AuthenticationMode_SelectedIndexChanged" style="width: 400px; max-width: 600px"></asp:DropDownList>
<br/>
<br/>
<span><asp:Literal ID="Literal_Domain" runat="server" Visible="false"/></span>
<br/>
<asp:TextBox ID="TextBox_Domain" runat="server" Visible="false" style="width: 400px; max-width: 600px"/><br/>
<br/>
<br/>
<asp:Button ID="Button_GetQrCode" runat="server" OnClick="GetQrCode" />
<br/>
<br/>
<asp:label ID="Label_GetQrCodeResult" runat="server"></asp:label>
</div>
</div>
</div>
</form>
and the cs looks like this :
protected void DropDownList_AuthenticationMode_SelectedIndexChanged(object sender, EventArgs e)
{
Literal_Domain.Visible = TextBox_Domain.Visible = (DropDownList_AuthenticationMode.SelectedItem.Text == AUTHENTICATIONMODE_NTLM);
}
I'm running out of ideas about this issue.
Thank you !
Hum, as noted, postback will be true in these cases.
(but then again, page load always fires again - so you might not care much).
What you care is that control event stub is not working. I would put in a debug.print (or console.writeline - which ever you been using).
If it fails, then cut the code out of that stub, delete it, and then in the web form designer, display the property sheet, and double click on that index changed property (or whatever it is), and you be jumped to code behind - that should re-wire up the event stub.
eg:
So double click in the above combo drop down. It should create the event for you and you then will be jumped to the code editor. And cane then paste in the code you had before.
And ut that console write line before any other logic code in that event stub - you just want to ensure that the event does fire before you start debugging code that may not have been run or does not run in the first place.
The answer was not in the code !
web.config "DefaultDocument" was ignored by IIS only for postback operations... this was not targetting the aspx file.
It seems that when multiple UpdatePanels are on a single page, anytime an asyncPostBack occurs on one, all others will have their html reloaded. Is there a way around this?
Example
Example.aspx
<asp:UpdatePanel ID="UpdatePanel1" runat="server">
<ContentTemplate>
<div style="border: 1px solid black;">
<asp:TextBox runat="server" ID="txtTEST1" />
<asp:Label runat="server" ID="lblTEST1" />
<asp:Button runat="server" ID="btnTEST1" Text="AsyncPostBack1" />
<div onclick="this.innerHTML='Wooo!'">Click Me - UpdatePanel1</div>
</div>
</ContentTemplate>
</asp:UpdatePanel>
<div onclick="this.innerHTML='Wooo!'" style="padding: 1em;">Click Me. I'm not part of an Update Panel</div>
<asp:UpdatePanel ID="UpdatePanel2" runat="server">
<ContentTemplate>
<div style="border: 1px solid black;">
<asp:TextBox runat="server" ID="TextBox1" />
<asp:Label runat="server" ID="Label1" />
<asp:Button runat="server" ID="Button1" Text="AsyncPostBack2" />
<div onclick="this.innerHTML='Wooo!'">Click Me - UpdatePanel2</div>
</div>
</ContentTemplate>
</asp:UpdatePanel>
Example.aspx.vb
Protected Sub btnTEST1_Click(sender As Object, e As EventArgs) Handles btnTEST1.Click
lblTEST1.Text = "Refreshed at " & DateTime.Now.ToString()
End Sub
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Label1.Text = "Refreshed at " & DateTime.Now.ToString()
End Sub
Testing the issue
Click on all 3 of the divs with the "Click Me" text so that HTML is altered inside and outside of the UpdatePanels.
Click one of the buttons labeled "AsyncPostBack". Regardless on which one is clicked, both UpdatePanels will have their HTML rerendered and replaced, as seen by the 2 divs inside the UpdatePanels resetting to their original text.
So I ask, is it possible to have multiple UpdatePanels on the same page that don't cause each other to rerender every time one of them has a asyncPostBack event.
yes
set updatemode=conditional
provide the triggers which will trigger the update. here is a link to an example. (#1 result on google) http://ajax.net-tutorials.com/controls/updatepanel-control/
Try adding mode to update panel tag. If mode is not give the default mode is always. If the UpdateMode property is Always, the UpdatePanel control's content is updated on every postback that originates from anywhere on the page. Microsoft documentation about UpdateMode
<asp:UpdatePanel ID="BugsListUpdatePanel" runat="server" UpdateMode="Conditional">
Ok this is the weirdest thing I have seen in a while...
I am using VS studio 2010 to build a asp.net (framework 4.0) website. My code behind is in VB.Net, My testing browser is Firefox (latest version), also tested on IE8 and Google Chrome, same behavior.
Basically I have a LinkButton in a DataRepeater in a UpdatePanel.
The _ItemCommand event DOES FIRE for as long as I use the page regularly (every few minutes or so).
The problem is this: When I open another webpage (in another browser tab) and sit on it for like 1 hour or so and then come back to test page in the browser tab and click on the LinkButton, no event is fired and the page gets a reload. Like if the button had just died on me.
I first tough it might be a Session TimeOut issue but I logged the SessionID in a text file and the Session DOES NOT expire. <<<< Using new method for detecting TimeOut
I can confirm (logfiles) that the root of my problem is that the _ItemCommand event simply stops firing. I just have no idea why it does.
I have tried most solutions proposed under similar problems (event not firing) but my problem is positively different because my event DOES fire... Only for a limited time.
My Repeater ViewState is enabled.
I have tried changing the LinkButton for a Button but no joy same problem.
I have tried the uping the AsyncPostBackTimeout of the ScryptManager... no joy either.
I have tried sessionState mode="StateServer".
I have tried disabling my AVG Link Scanner.
So PLEASE, any idea... Don't be shy, at this point I'm ready to consider anything.
Here is the code I'm now using to check for Session Timeout:
If Context.Session IsNot Nothing And Context.Session.IsNewSession _
And Page.Request.Headers("Cookie") IsNot Nothing _
And Page.Request.Headers("Cookie").IndexOf("ASP.NET_SessionId") >= 0 Then
'SESSION HAS TIMEDOUT
End If
HERE IS THE PAGE MARKUP
<asp:UpdatePanel ID="udpRSSFeeds" runat="server" UpdateMode="Conditional">
<Triggers>
<asp:AsyncPostBackTrigger ControlID="cmdSearch" EventName="Click" />
<asp:AsyncPostBackTrigger ControlID="drpNewsFeed" EventName="ItemCommand" />
<asp:AsyncPostBackTrigger ControlID="cmdViewAll" EventName="Click" />
</Triggers>
<ContentTemplate>
<table class="Borderless" cellpadding="0" cellspacing="0" style="width:100%">
<tr><td class="lblHeaderText">NEWS FEEDS</td></tr>
<%--BEGIN: SEARCH GIZMO--%>
<tr><td>
<table class="Borderless" style="width:100%;" cellpadding="0" cellspacing="0">
<tr>
<td style="text-align:right; vertical-align:middle; height:32px;" >
<asp:TextBox ID="tbxSearchBox" runat="server" MaxLength="50" AutoCompleteType="None" Font-Size="16px" style="height:20px; width:187px; font-size:16px; border-style:solid; border-color:#54d242;" onfocus="Javascript:this.focus();this.select();" ></asp:TextBox>
</td>
<td style="text-align:left; vertical-align:middle; width:150px; height:32px;" >
<asp:ImageButton ID="cmdSearch" ImageUrl="~/GUIImages/cmdSearch.jpg" ToolTip="Search feed(s) for keyword(s)." Height="26px" Width="26px" runat="server" BorderStyle="None" ImageAlign="Middle" />
</td>
</tr>
</table>
</td></tr>
<%--END: SEARCH GIZMO--%>
<%--BEGIN FEED LIST--%>
<tr><td style="padding:3px 0px 3px 0px;"><asp:LinkButton ID="cmdViewAll" runat="server" CssClass="MenuItemActive" PostBackUrl="" CausesValidation="false" Text="* View ALL RSS Feeds"></asp:LinkButton></td></tr>
<asp:XmlDataSource ID="xdsNewsFeed" runat="server" DataFile="App_Data/RSSFeeds.xml" XPath="dataroot/qryRSSFeed"></asp:XmlDataSource>
<asp:Repeater ID="drpNewsFeed" runat="server" DataSourceID="xdsNewsFeed" EnableViewState="true" >
<ItemTemplate>
<tr><td style="padding:3px 0px 3px 0px;">
<asp:LinkButton ID="cmdSelectNewsFeed" runat="server" CssClass="MenuItem" CausesValidation="false" CommandName='<%#XPath("ID")%>'>- <%#XPath("Title")%></asp:LinkButton>
</td></tr>
</ItemTemplate>
</asp:Repeater>
<%--END FEED LIST--%>
<tr><td> </td></tr>
</table>
</ContentTemplate>
</asp:UpdatePanel>
HERE IS THE PAGE CODE BEHIND
Protected Sub drpNewsFeed_ItemCommand(ByVal source As Object, ByVal e As System.Web.UI.WebControls.RepeaterCommandEventArgs) Handles drpNewsFeed.ItemCommand
Dim oLogger As New nebLogManager("TESTNWOSGN.txt")
oLogger.TraceStart("drpNewsFeed_ItemCommand (" & Session.SessionID & ")")
'some code that never gets run because the event is not fired...
oLogger.TraceStop("drpNewsFeed_ItemCommand (" & Session.SessionID & ")")
End Sub
Protected Sub cmdSearch_Click(ByVal sender As Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles cmdSearch.Click
Dim oLogger As New nebLogManager("TESTNWOSGN.txt")
oLogger.TraceStart("cmdSearch_Click (" & Session.SessionID & ")")
'some code that never gets run because the event is not fired...
oLogger.TraceStop("cmdSearch_Click (" & Session.SessionID & ")")
End Sub
Not sure if its important but it uses a master_page on which sits the ScriptManager
COMPREHENSIVE TEST SCENARIO:
BROWSE TO: http://www.nwosurvivalguide.com/NWOSGN.aspx
CLICK on a News Feed (left side)
LET sit for 30ish minutes
GO BACK and click on another news feed
Result >>> Event not fired but page loads
Page_Init detects a Session Timeout.
If you refresh the page everything become functional again.
First I wish to thank JHSOWTER for pointing out that my initial session timeout detection logic was flawed. That really sent me back on the right track.
So the problem was that my session was timing out due to application pool recycling.
The standard SessionTimeout solution would not work because I am on a shared hoster who controls the application pool timeout.
The SOLUTION was to add the following lines to the Web.Config file (within the <system.web> tag):
<sessionState timeout="60" cookieless="false" mode="StateServer" />
<machineKey ... />
To generate my machine key tag I used this tool:
http://aspnetresources.com/tools/machineKey
After those changes all my problems went away.
Again thanks a lot for the help.
I have googled around for this and found a fair few people are having similar behaviour because of the AVG Link Scanner.
Firefox __doPostBack not working after idle time
http://forums.asp.net/post/4021595.aspx
I am getting the below stated error in javascript. This error occurs when i try to cal update panel on button click
Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server could not be parsed. Common causes for this error are when the response is modified by calls to Response.Write(), response filters, HttpModules, or server trace is enabled.
Details: Error parsing near 'Panel|UpdatePanel1|
<div id="up'.
Here is the UpdatePanel code:
<asp:UpdatePanel ID="UpdatePanel1" runat="server" UpdateMode=Conditional >
<ContentTemplate>
<div style="font-size:10px; font-weight:bold;display:none;" align=center id="up_div" runat=server >Apply Flat Rate to all days
<asp:TextBox ID="txtflatrate" runat="server" Width=40 ></asp:TextBox>
<asp:Button ID="btn_apply" runat="server" Text="Go" UseSubmitBehavior=false OnClick="btn_apply_Click" />
<asp:Table ID="tbl_charges" runat="server" EnableViewState=true>
</asp:Table>
Total: <asp:TextBox ID="txtttlrate" runat="server" ReadOnly="True"></asp:TextBox>
</div>
<div id="div_norates" runat=server visible=false style ="font-size:11px" class="red_font">
<font color='red'>
<center><b>Please make the neccessary changes before <i>creating a booking</i></b></font></CENTER><br/><br/><br/><center>The <i>season </i>for the date period chosen is <i>not set </i><br/> <center> <br/>OR </center> <br/> The <i>room type </i>for the season is <i>not set</i>. <br/><br/><br/>Make neccessary changes in <i>seasons master</i></center>
</div>
</ContentTemplate>
<Triggers>
<asp:AsyncPostBackTrigger ControlID=btn_calc EventName=click />
<asp:AsyncPostBackTrigger ControlID=btn_apply EventName=click />
</Triggers>
</asp:UpdatePanel>
I am not able to understand why this error is coming? Can anyone help me sort out this issue?
I believe the aspx markup in incorrect causing the parser error. Check at UpdateMode=Conditional
If that is not the case please ensure that you are not using a Response.Write() in the async postback(see error message).
I can't figure this out. I've tried everything and am pulling my hair out. I can't seem to call this:
<asp:Button ID="Button3" runat="server" Text="Button" style="display: none;" />
<asp:ModalPopupExtender ID="ModalPopupExtender2" runat="server"
targetcontrolid="Button3" popupcontrolid="Panel1"
popupdraghandlecontrolid="Popup2" drag="true"
backgroundcssclass="ModalPopupBG">
</asp:ModalPopupExtender>
<asp:Panel ID="Panel1" runat="server">
<div class="HellowWorldPopup">
<div class="PopupHeader2" id="Popup2">
</div>
<div class="Controls">
<center><table border=0 cellpadding=0 cellspacing=0><tr><td><img src="Images/ajax-loader.gif" /></td><td> Please Wait...</td></tr></table></center>
</div>
</div>
</asp:Panel>
By using this:
Protected Sub LoginButton_Click1(ByVal sender As Object, ByVal e As EventArgs)
Me.ModalPopupExtender2.Show()
System.Threading.Thread.Sleep(1000)
Me.ModalPopupExtender2.Hide()
End Sub
What, on Earth, is wrong with my code? The button executes, and when I step through I get a 'There is no source code available for the current location' when it hits Me.ModalPopupExtender2.Show().
Any ideas?
Thanks,
Jason
You need to allow the Response to the LoginButton_Click1 to complete before you put the thread to sleep and hide the popup. In other words, take out
System.Threading.Thread.Sleep(1000)
Me.ModalPopupExtender2.Hide()
You'll need to use some other mechanism to hide the popup after your timeout. One common way is to set a javascript timeout on the client and have it close the window.
The javascript timeout function would have code like this in it (make sure it's after the scriptmanager on the page).
var mpu = $find('ModalPopupExtender2');
mpu.hide();