L
Lewis Holmes
Hi
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button. These
rows can contain asp.net controls. When this button is selected, the row is
added using JavaScript. The script uses cloneNode to clone a hidden template
row and all of its children and then adds the new row to the table, updates
all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created in
server-side code and then hidden on the client using javascript so that the
user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page, but
with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is there
any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidation(control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis
I have the following situation in one of my asp.net pages.
The user can add multiple table rows to a form by selecting a button. These
rows can contain asp.net controls. When this button is selected, the row is
added using JavaScript. The script uses cloneNode to clone a hidden template
row and all of its children and then adds the new row to the table, updates
all of the child control Ids and sets visibility etc.
The hidden template row which is cloned to create the new rows is created in
server-side code and then hidden on the client using javascript so that the
user never realises it is there.
This is works correctly if I turn EnableEventValidation off on the page, but
with it on I get the exception "Invalid postback or callback argument."
I understand why this exception occurs (because I am creating new controls
on the client which are posting values back to the server), however is there
any way I can stop this exception from happening without turning
EnableEventValidation off?
I must stress, the controls are being created using JavaScript and so from
what I understand I cannot register them for event validation server-side
using something like:
protected override void Render(System.Web.UI.HtmlTextWriter
writer)
{
base.Render(writer);
this.Page.ClientScript.RegisterForEventValidation(control.ID);
}
If there is no other way to stop this exception from happening, what can I
do to minimise injection attacks that may occur with
EnableEventValidation="false"?
Thanks
Lewis