Opened 12 years ago
Last modified 12 years ago
#9788 confirmed Bug
ASP.NET 3.6.4 & HTMLEncodeOutput=False will not postback correctly
| Reported by: | Ross | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | Server : ASP.Net | Version: | |
| Keywords: | Cc: |
Description
In the IPostBackDataHandler.LoadPostData() method, the code will not save the posted value when htmlEncodeOutput=false .
bool IPostBackDataHandler.LoadPostData(string postDataKey, NameValueCollection postCollection)
{
if (this.config.htmlEncodeOutput)
{
string postedValue = HttpUtility.HtmlDecode(postCollection[postDataKey]);
if (this.Text != postedValue)
{
isChanged = true;
this.Text = postedValue;
return true;
}
}
return false;
}
Since this is false:
if (this.config.htmlEncodeOutput)
The code will never execute, therefore the value is not saving to:
string postedValue =... isChanged = true; this.Text = postedValue;
Change the procedure to the following and it started saving again:
bool IPostBackDataHandler.LoadPostData(string postDataKey, NameValueCollection postCollection)
{
string postedValue = this.config.htmlEncodeOutput ? HttpUtility.HtmlDecode(postCollection[postDataKey]) : postCollection[postDataKey];
if (this.Text != postedValue)
{
isChanged = true;
this.Text = postedValue;
return true;
}
return false;
}
The key is that regardless of the htmlencodeoutput value set the post collection saves to the postedValue
string postedValue = this.config.htmlEncodeOutput ? HttpUtility.HtmlDecode(postCollection[postDataKey]) : postCollection[postDataKey];
Please Note, I am using the ASP.NET 3.6.4 code base with the 4.0 version of CKEditor
Change History (2)
comment:1 Changed 12 years ago by
| Component: | General → Server : ASP.Net |
|---|---|
| Status: | new → confirmed |
| Version: | 4.0 |
comment:2 Changed 12 years ago by
This appears to have always been how CKEditor.net has worked, looking through the history here: https://dev.ckeditor.com/browser/CKEditor.NET/trunk/CKEditor.NET/CKEditorControl.cs .
But, I agree, it is a problem. I'll share my issue with it.
We've been using CKEditor for a couple years. The htmlEncodeOutput has always been set to true. But, a couple times a week, we get excessively escaped html POSTed, i.e. instead of <div we get amp;lt;div in the HTTP request. So, I've updated to ASP.NET 4.5, which allows to bypass request validation at the control level, rather than the page level, and wanted to allow the CKEditor control to post the raw html in order to pinpoint CKEditor's escape routine as the source of the problem.
But, due to this issue, I cannot get raw html through, since CKEditor.NET is ignoring it.
@FhyrDrake thank you for pointing this out.