Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Portal input HTML into...
Microsoft Dynamics CRM (Archived)

Portal input HTML into field "Multiple Lines of Text"

(0) ShareShare
ReportReport
Posted on by appmachine123

Hi, I want to allow my Dynamics Portal visitors to fill a form fields content with the CKEDITOR, so that they can use HTML tags (eg lists). When I initialize the CKEDITOR with htmlEncodeOutput: true, HTML-tags are encoded when submitting the form. This leds to the following problem: When I'm fetching the data with fechXML and display it with liquid in my Portal frontend, the HTML-tags are encoded and therefore not interpreted and displayed by the browser. How can I decode the HTML-tags? Is there some kind of liquid filter?

The alternative would be to not encode the HTML-tags. But when I try to save HTML code from a Portals form, the Portal outputs the following error:

ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ContentContainer$MainContent$EntityControls$EntityFormControl$EntityFormControl_EntityFormView

Is it possible to deactivate the HTML Request Validation?

Thanks in advance for your help!

*This post is locked for comments

  • Suggested answer
    Dmytro Rutkovskyi Profile Picture
    Dmytro Rutkovskyi 1,835 on at
    RE: Portal input HTML into field "Multiple Lines of Text"

    Hi, to be able to save the form with symbols (deactivate the HTML Request Validation) -  please use Site Settings with name "DisableValidationWebTemplate" and value "true"

    If there are no such site setting - please create it.

    Liquid doesn't encode the output by default.

    Instead it has multiple filters to escape output, like {{ '<p>test</p>' | escape }} or {{ variable |h}}, or {{ variable | xml_escape}}.

    If text already escaped in CRM - probably you can use Javascript to un-escape it is easier way.

  • Suggested answer
    Joseph McGregor Macdonald Profile Picture
    Joseph McGregor Mac... 597 on at
    RE: Portal input HTML into field "Multiple Lines of Text"

    Hi appmachine

    We have a portal which has HTML entered for a multiline text field. In our implementation the html is encoded when submitted in the portal (using the native JavaScript encodeURIComponent method), then a preoperation plugin decodes the html (using the .NET Uri.UnescapeDataString method). I believe this was implemented to solve the reason you have described

    So I would suggest a potential solution to your problem is to implementing a preoperation plugin which decodes the html. There may be other ways to solve it but this solution works well in our portal instance

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Tip: Become a User Group leader!

Join the ranks of valued community UG leaders

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,516 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,321 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans