Adlib API home page > News

New release 3.6.257

With the release of the .NET 4.0 framework Microsoft has imposed a more strict validation scheme on data that is posted to HTTP handlers, such as wwwopac. The goal of this stricter regime is to safeguard applications against script injection. In more concrete terms this means that posting data which contains tags will result in a “A potentially dangerous request value was detected from the client” exception. To overcome this the data that will be posted has to be HTML encoded (e.g. ‘ <’ is replaced by &lt; and ‘>’ is replaced by &gt;). Starting with build 257 the wwwopac.ashx supports HTML encoding of posted XML data. It will detect automatically whether it needs to decode the data. In accordance with this the Adlib.Data dll has also been updated to encode any posted data in HTML encoding (build 5).

You can still use older versions of wwwopac.ashx on the .NET 4.0 framework, but then you will have to switch the improved security off by setting the request validation mode to (.NET) 2.0 in the web.config. Obviously by doing this you will lose the benefit of the improved security. Build 257 and higher of wwwopac.ashx requires the .NET 4.0 framework however.

Please note that the above only applies to writing data using the wwwopac.ashx. Read and Search operations are not affected.