Thread: Distinct sendform.aspx thank you

Hello,

I have a client in need of a custom thank you message shown on sendform.aspx upon form submission.

currently i have an xmlpackage generate the form and add the products Summary as a hidden field in the form. Then sendform.aspx displays this summary as a thank you.

this worked wonderfully until my client decided to add links and formatting to the thank you messages. Once that happened the sendform.aspx will error out on form submission, stating that some variable (the summary) contains dangerous information (html tags).

I was wondering if there is a way to either disable this security feature, the site will never contain sensitive information. Or deliver the summary of a product in a different way which would allow links and formatting.

thanks again.

Disabling the feature is a bad idea...it would allow people to submit all kinds of things through the form (some of which you wouldn't want them submitting). As an alternative, you just need to encode the Summary before submitting the form.

well, after applying aspdnsf:HtmlEncode() to the summary before output to the hidden form variable the sendform.aspx no longer errors. The problem is now that it displays the html of the Summary on the page instead of the formatted summary.

Any suggestions on how i might force sendform.aspx to properly render the formatted output?

Nevermind, i got it. Had to decode the html in the sendform.aspx.cs

Label1.Text = Server.HtmlDecode(CommonLogic.FormCanBeDangerousContent("Summary"));//AppLogic.GetString("sendform.aspx.3", SkinID, ThisCustomer.LocaleSetting)