Using jQuery, CKEditor, AJAX in ASP.NET MVC 2

Posted by Ray Linder on Geeks with Blogs See other posts from Geeks with Blogs or by Ray Linder
Published on Fri, 19 Mar 2010 01:54:00 GMT Indexed on 2010/03/19 10:11 UTC
Read the original article Hit count: 1121

Filed under:

After banging my head for days on a “A potentially dangerous Request.Form value was detected" issue when post (ajax-ing) a form in ASP.NET MVC 2 on .NET 4.0 framework using jQuery and CKEditor, I found that when you use the following:

Code Snippet
  1. $.ajax({
  2.     url: '/TheArea/Root/Add',
  3.     type: 'POST',
  4.     data: $("#form0Add").serialize(),
  5.     dataType: 'json',
  6.     //contentType: 'application/json; charset=utf-8',
  7.     beforeSend: function ()
  8.     {
  9.         pageNotify("NotifyMsgContentDiv", "MsgDefaultDiv", '<img src="/Content/images/content/icons/busy.gif" /> Adding post, please wait...', 300, "", true);
  10.         $("#btnAddSubmit").val("Please wait...").addClass("button-disabled").attr("disabled", "disabled");
  11.     },
  12.     success: function (data)
  13.     {
  14.         $("#btnAddSubmit").val("Add New Post").removeClass("button-disabled").removeAttr('disabled');
  15.         redirectToUrl("/Exhibitions");
  16.     },
  17.     error: function ()
  18.     {
  19.         pageNotify("NotifyMsgContentDiv", "MsgErrorDiv", '<img src="/Content/images/content/icons/cross.png" /> Could not add post. Please try again or contact your web administrator.', 6000, "normal");
  20.         $("#btnAddSubmit").val("Add New Post").removeClass("button-disabled").removeAttr('disabled');
  21.     }
  22. });


Notice the following:

Code Snippet
  1. data: $("#form0Add").serialize(),


You may run into the “A potentially dangerous Request.Form value was detected" issue with this. One of the requirements was NOT to disable ValidateRequest (ValidateRequest=”false”). For this project (and any other project) I felt it wasn’t necessary to disable ValidateRequest.

Note: I’ve search for alternatives for the posting issue and everyone and their mothers continually suggested to disable ValidateRequest. That bothers me – a LOT. So, disabling ValidateRequest is totally out of the question (and always will be). 

So I thought to modify how the “data: “ gets serialized. the ajax data fix was simple, add a .html(). YES!!! IT WORKS!!! No more “potentially dangerous” issue, ajax form posts (and does it beautifully)! So if you’re using jQuery to $.ajax() a form with CKEditor, remember to do:

Code Snippet
  1. data: $("#form0Add").serialize().html(),


or bad things will happen. Also, don’t forget to set

Code Snippet
  1. config.htmlEncodeOutput = true;


for the CKEditor config.js file (or equivalent). Example:

Code Snippet
  1. CKEDITOR.editorConfig = function( config )
  2. {
  3.     // Define changes to default configuration here. For example:
  4.     // config.language = 'fr';
  5.     config.uiColor = '#ccddff';
  6.     config.width = 640;
  7.     config.ignoreEmptyParagraph = true;
  8.     config.resize_enabled = false;
  9.     config.skin = 'kama';
  10.     config.enterMode = CKEDITOR.ENTER_BR;
  11.  
  12.     config.toolbar = 'MyToolbar';
  13.     config.toolbar_MyToolbar =
  14.     [
  15.         ['Bold', 'Italic', 'Underline'],
  16.         ['JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock', 'Font', 'FontSize', 'TextColor', 'BGColor'],
  17.         ['BulletedList', 'NumberedList', '-', 'Outdent', 'Indent'],
  18.         '/',
  19.         ['Scayt', '-', 'Cut', 'Copy', 'Paste', 'Find'],
  20.         ['Undo', 'Redo'],
  21.         ['Link', 'Unlink', 'Anchor', 'Image', 'Flash', 'HorizontalRule'],
  22.         ['Table'],
  23.         ['Preview', 'Source']
  24.     ];
  25.     config.htmlEncodeOutput = true;
  26. };


Happy coding!!!

Tags:

© Geeks with Blogs or respective owner