Hi,

I have an application that requires validaterequest in .NET to be turned off. All possible user input fields in the application have been "HtmlEncoded" in order to prevent malicious scripts from being entered.

But when it comes to K2 Smartforms, I realise that there is no way I can do that, meaning that with validaterequest turned off in .NET, users are able to enter malicious scripts into any of my K2 Smartform fields to compromise the system. Is there a possible solution or workaround that I can look at?

Thanks.
One option is to encode the values in the K2 SmartForms manually by writing the code for this in the OnClick event of the K2button that submits the form. This event is fired before the controls' values are updated to the K2 database.

Just note that there may be a small drawback in that the actual values of the controls may briefly be displayed as encoded text as the button is clicked and before the page is submitted or redirected.
