How to force jqGrid 4.10.1-pre to encode ‘ character always

Free jqGrid uses the setting

autoencode: true

The grid definition contains:

                $grid.jqGrid({
                    url: '/admin/API/Entity',
                    datatype: "json",
                    editurl: '/admin/Detail/Edit'
                    // ... remaining options omitted
                });

In inline edit, the text <a is entered in the Nimetus column and the data is posted to the server in URL-encoded format.

Request URL:http://localhost:52216/admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0
Request Method:POST
Status Code:490 OK
Response Headers
Cache-Control:private, s-maxage=0
Content-Length:122
Content-Type:application/json; charset=utf-8
Date:Mon, 23 Nov 2015 15:31:54 GMT
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-SourceFiles:=?UTF-8?B?STpccmFhbWF0XEVldmFXZWJcRWV2YS5FcnBcRGV0YWlsXEVkaXQ=?=
Request Headers

POST /admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0 HTTP/1.1
Host: localhost:52216
Connection: keep-alive
Content-Length: 1724
Accept: */*
Origin: http://localhost:52216
X-Requested-With: XMLHttpRequest

Query String Parameters

_entity:DokG
_dokumnr:135322
_vmnr:0
Form Data
Kogus=&Nimetus=%3Ca&Mootyhik0_nimetus=&Hinnak=&Hind=&Myygikood=&_rowsum=0.00&Rtellimus=&Toode=&Kulukonto=&Yhik=&Id=0&Dokumnr=135322&Reanr=3&_oper=edit&_rowid=1648&_dokdata=%5B%7B%22name%22%3A%22Klient0_nimi%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasudok%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Kuupaev%22%2C%22value%22%3A%222015-11-23%22%7D%2C%7B%22name%22%3A%22Kellaaeg%22%2C%22value%22%3A%2217+29%22%7D%2C%7B%22name%22%3A%22Maksetin1_tingimus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarnekla2_nimetus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Konto3_tekst%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Yksus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasukuup%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Knr%22%2C%22value%22%3A%2213111%22%7D%2C%7B%22name%22%3A%22Alamdok4_nimetus%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Raha%22%2C%22value%22%3A%22EUR%22%7D%2C%7B%22name%22%3A%22Eimuuda%22%2C%22value%22%3A%22false%22%7D%2C%7B%22name%22%3A%22Prladu5_laonimi%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Krdokumnr%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tekst1%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Pais7obj%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Klient%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Maksetin%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarneklaus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Arvekonto%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Oper%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Laonr%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Dokumnr%22%2C%22value%22%3A%22135322%22%7D%2C%7B%22name%22%3A%22Kinnitatud%22%2C%22value%22%3A%22False%22%7D%5D

The ASP.NET MVC4 controller uses reflection to call a method which reads this value using ControllerContext.HttpContext.Request.Form["Nimetus"]

This access causes an exception:

System.Web.HttpRequestValidationException was unhandled by user code

  Message=A potentially dangerous Request.Form value was detected from the client (Nimetus="<a").

The exception occurs at the line

ControllerContext.HttpContext.Request.Form["Nimetus"]

How to fix the issue?

The Edit controller method signature is

[AcceptVerbs(HttpVerbs.Post)]
[HandleJsonException]
public JsonResult Edit(string _entity, string _dokdata, int? _dokumnr, string _rowid,
    int? _vmnr, string _isik)

Update

Document header data is passed as the _dokdata parameter using

    extraparam: { _dokdata: getEevaFormData },

in

   $.extend(true,$.jgrid.inlineEdit, {
        position: "beforeSelected",
        focusField: false,
        restoreAfterError: false,
        afterrestorefunc: function(rowId) {
            updateButtonState($grid, rowId);
            setFocusToGrid();
            lastSelectedRow = undefined;
        },
        aftersavefunc: function(rowId, response) {

            afterSaveFuncAfterAdd.call(this, rowId, response);

        },

        oneditfunc: function(rowId) {
            onInlineEdit(rowId);
            updateButtonState($grid, rowId);
        },
        keys: true,
        rowID: '_empty',
        useDefValues: true,
        extraparam: { _dokdata: getEevaFormData },
        errorfunc: errorfunc
    });

The controller _dokdata parameter now contains the function definition with " replaced by &quot;

function getEevaFormData() {
    return JSON.stringify($(&quot;#_form&quot;).serializeArray());
}

Actually it should contain the JSON string which is the result of this function call.

Answers:


Method 1

I reverted the encoding of ' and / to ' and / made in free jqGrid. See the commit with the description of the reason. I think the part of jqGrid needs to be changed, but I revert to the previous behavior now.
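
Added example (not part of the original question or answer, and not jqGrid or ASP.NET source code): a sketch of how client-side HTML encoding of posted values interacts with the server-side pattern check that raised HttpRequestValidationException above, and why a function-valued extraparam entry has to be called before it is encoded. The names `htmlEncode`, `buildPostData`, `looksDangerous` and `rejectedFields` are hypothetical, the pattern in `looksDangerous` is an approximation of the ASP.NET 4 check, and the sample row is constructed.

```javascript
// Hypothetical encoder in the spirit of the autoencode option (assumption,
// not jqGrid's own implementation).
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Build the values to post. Function-valued parameters (such as
// extraparam._dokdata) are called first, so their return value is encoded
// and sent instead of the function's source text.
function buildPostData(rowData, extraparam, autoencode) {
  const out = {};
  for (const [name, raw] of Object.entries({ ...rowData, ...extraparam })) {
    const value = typeof raw === "function" ? raw() : raw;
    out[name] = autoencode ? htmlEncode(value) : String(value);
  }
  return out;
}

// Approximation of the server-side request validation pattern:
// '<' followed by a letter, '!', '/' or '?', or '&' followed by '#'.
function looksDangerous(s) {
  return /<[A-Za-z!\/?]|&#/.test(s);
}

// Names of the fields the server-side check would reject.
function rejectedFields(postData) {
  return Object.keys(postData).filter((k) => looksDangerous(postData[k]));
}

// Constructed sample mirroring the request in the question.
const row = { Nimetus: "<a", Kogus: "", _oper: "edit" };
const extra = {
  _dokdata: () => JSON.stringify([{ name: "Raha", value: "EUR" }]),
};

const rawPost = buildPostData(row, extra, false);
const encodedPost = buildPostData(row, extra, true);

console.log(rejectedFields(rawPost));     // fields rejected without encoding
console.log(rejectedFields(encodedPost)); // fields rejected with encoding
console.log(encodedPost._dokdata);        // JSON text with quotes as &quot;
```

With encoding enabled the server receives `&lt;a` and an entity-encoded JSON string, so it has to HTML-decode those values before parsing or storing them and encode again on output. A numeric entity such as `&#x27;` would itself match the `&#` branch of the check.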


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
