Input Validation Errors
When I try to create a bug in Gemini with angle brackets in the Title, I get the following error when I click "Create":
Gemini Application Error
<p><font color="#0000ff">An application error has occured - please advise the Gemini administrator within your organization.</font></p><p>And the System Log has the following exception:</p><p><font color="#0000ff">A potentially dangerous Request.Form value was detected from the client
(ctl00$Main$IssueUC1$rtcDescription$txtTextBox="...j skja ta ."). at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.getForm() at System.Web.HttpRequest.getHasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.issueissueaspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
This also occurs with the Description field if we use the plain-text editor. If we use the rich text editor, the bug will be created successfully. But there is no option to use rich text in the Title field, and we prefer the plain text editor for the description as well.
Is there any way to work around this problem currently, or do I need to file a bug report about it?
The worst part is that the user is not warned before the error occurs, and the new bug they entered is completely lost.
MarcT
· 1 |
|
Wednesday, December 15, 2010, 12:55:30 AM |