Author Topic: There is a validation error with your html input. (Read 8127 times)

BigP · July 30, 2010, 02:12:30 am

I have to copy some data from a word file in to contacts. I get a lot of errors when saving

"Sorry a non-recoverable error has occurred. There is a validation error with your html input. Your activity is a bit suspicious, hence aborting"

I updated to 3.2 but the problem stays. It happens with data in custom fields of de rich-text type.
When i put the data in and i check it via de "code" button; the code looks ok. I see no strange tags or bad html-syntax.

when entering pure html code, i get no error.

i didn't find any sollution on this forum. this issue http://forum.civicrm.org/index.php/topic,13372.0.html is maybe sollution but i don't understand it.

BigP · July 30, 2010, 03:42:50 am

I think the problem is caused by ckeditor. I changed to the tinyMCE, and now it works ok.

Still looking for a solution, because the rest of my drupal site uses ckeditor.

Kurund Jalmi · July 30, 2010, 05:53:49 am

Ckeditor has a option "Paste from word". Are you using that option, if not you should try that.

Kurund

BigP · July 30, 2010, 05:56:32 am

Yeps, i was using the copy from word button

Dave Greenberg · August 02, 2010, 01:59:05 pm

This error can happen if the specific field you're entering data into is not marked as HTML type in the IDS (intrusion detection system) package that CiviCRM uses. So... which form and field or field(s) is this happening on - include screenshot(s) + URL(s)

BigP · August 03, 2010, 01:18:16 am

It happens in the custom fields i made. The problem is that it happens randomly and i have had a problem with any of the four fields i use here

- Omschrijving
- Visie en missie
- Rol in het beleid
- Samenstelling

I added a screenshot of the custom fields dialog and of the contact edit form.

These pages are in my drupal admin section, so i can't give the url?

Dave Greenberg · August 03, 2010, 12:42:01 pm

I did a quick experiment in my 3.2 local site with a single Rich Text custom field added to the contact edit form, and I did not get the error. We're looking into it a bit more on our side - but would help if you could try and recreate the error on the 3.2 demo (link above), AND determine if it is triggered only when you "paste from word", or if you can also trigger it by typing similar content into the editor directly (lists, links etc.).

BigP · August 04, 2010, 12:59:34 am

I recreated most of the customfields on the demo site and copied the text form my word file. I got the same error
I changed the editor to tinyMCE and it worked fine.

I can send a copy of the word document if you like to test.
I added a txtdocument whit the html code (via button code) that is visible in the editor. As far as i know this html code is ok.

Kurund Jalmi · August 04, 2010, 02:14:58 am

So it looks like CkEditor is adding some extra characters that is causing this problem, we will investigate and get back to you.

Kurund

joemaine · August 13, 2010, 12:55:22 pm

In a similar CKEditor issue. Since installation of 3.2.1 -- using CKEditor in CiviEvents causes my left nav area to sink below content in IE8, it's fine in Firefox and Chrome. If I go in and change the editor to textarea and edit the event (keeping the HTML) all is well in each browser. It seems that CKEditor might be dropping a </div> somewhere. (I can't replicate this in the sandbox)

My current configuration has Drupal with CKEditor 3.2 and CiviCRM with CKEditor version 3.3.1. As there is now no longer a stand-alone version, can CiviCRM work with Drupal's install of the editor instead of having a duplication of the application? Is there an easy process to upgrade the CKEditor version within CiviCRM?

Donald Lobo · August 13, 2010, 02:48:47 pm

Quote from: joemaine on August 13, 2010, 12:55:22 pm

My current configuration has Drupal with CKEditor 3.2 and CiviCRM with CKEditor version 3.3.1. As there is now no longer a stand-alone version, can CiviCRM work with Drupal's install of the editor instead of having a duplication of the application?

currently no. if this is important to you, consider investigating the issue and contributing code that will enable this. You'll also need to ensure that:

1. it works for joomla
2. it works for drupal users who do not have the right combination of modules enabled

lobo

dschafer · August 30, 2010, 09:32:48 pm

We are getting this same error on multiple 3.2.1 sites. One was an upgrade from 3.0.3 the other as a clean install.

The errors happen on the system workflow messages which don't use a wysiwyg editor.

Here is the value of $result that is past to private function kick($result)

I have no idea how to interpret this so would appreciate some help.

Since the demo site seems to work, I took the text of the offline receipt message and tried to replace the html in our version.

Thanks
Dave

Total impact: 75
Affected tags: xss, csrf, id, rfe, lfi, sqli

Variable: msg_title | Value: Contributions - Receipt (off-line)
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: msg_subject | Value: {ts}Contribution Receipt{/ts}
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: msg_text | Value: {if $formValues.receipt_text} {$formValues.receipt_text} {else}{ts}Thanks for your support.{/ts}{/if} {ts}Please print this receipt for your records.{/ts} =========================================================== {ts}Contribution Information{/ts} =========================================================== {ts}Contribution Type{/ts}: {$formValues.contributionType_name} {if $lineItem} {foreach from=$lineItem item=value key=priceset} --------------------------------------------------------- {capture assign=ts_item}{ts}Item{/ts}{/capture} {capture assign=ts_qty}{ts}Qty{/ts}{/capture} {capture assign=ts_each}{ts}Each{/ts}{/capture} {capture assign=ts_total}{ts}Total{/ts}{/capture} {$ts_item|string_format:"%-30s"} {$ts_qty|string_format:"%5s"} {$ts_each|string_format:"%10s"} {$ts_total|string_format:"%10s"} ---------------------------------------------------------- {foreach from=$value item=line} {$line.description|truncate:30:"..."|string_format:"%-30s"} {$line.qty|string_format:"%5s"} {$line.unit_price|crmMoney:$currency|string_format:"%10s"} {$line.line_total|crmMoney:$currency|string_format:"%10s"} {/foreach} {/foreach} {/if} {ts}Total Amount{/ts}: {$formValues.total_amount|crmMoney:$currency} {if $receive_date} {ts}Received Date{/ts}: {$receive_date|truncate:10:''|crmDate} {/if} {if $receipt_date} {ts}Receipt Date{/ts}: {$receipt_date|truncate:10:''|crmDate} {/if} {if $formValues.paidBy and !$formValues.hidden_CreditCard} {ts}Paid By{/ts}: {$formValues.paidBy} {if $formValues.check_number} {ts}Check Number{/ts}: {$formValues.check_number} {/if} {/if} {if $formValues.trxn_id} {ts}Transaction ID{/ts}: {$formValues.trxn_id} {/if} {if $ccContribution} =========================================================== {ts}Billing Name and Address{/ts} =========================================================== {$billingName} {$address} =========================================================== {ts}Credit Card Information{/ts} =========================================================== {$credit_card_type} {$credit_card_number} {ts}Expires{/ts}: {$credit_card_exp_date|truncate:7:''|crmDate} {/if} {if $customGroup} {foreach from=$customGroup item=value key=customName} =========================================================== {$customName} =========================================================== {foreach from=$value item=v key=n} {$n}: {$v} {/foreach} {/foreach} {/if} {if $formValues.honor_first_name} =========================================================== {$formValues.honor_type} =========================================================== {$formValues.honor_prefix} {$formValues.honor_first_name} {$formValues.honor_last_name} {if $formValues.honor_email} {ts}Honoree Email{/ts}: {$formValues.honor_email} {/if} {/if} {if $formValues.product_name} =========================================================== {ts}Premium Information{/ts} =========================================================== {$formValues.product_name} {if $formValues.product_option} {ts}Option{/ts}: {$formValues.product_option} {/if} {if $formValues.product_sku} {ts}SKU{/ts}: {$formValues.product_sku} {/if} {if $fulfilled_date} {ts}Sent{/ts}: {$fulfilled_date|crmDate} {/if} {/if}
Impact: 54 | Tags: xss, csrf, id, rfe, sqli, lfi
Description: Detects JavaScript DOM/miscellaneous properties and methods | Tags: xss, csrf, id, rfe | ID: 15
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects nullbytes and other dangerous characters | Tags: id, rfe, xss | ID: 39
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID: 45
Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID: 46
Description: Detects code injection attempts 3/3 | Tags: id, rfe, lfi | ID: 60
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: IDS_user_agent | Value: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Centrifuge detection data
Threshold: 3.49
Ratio: 1.3857142857143
Converted: ((+++:

There is a validation error with your HTML input. Your activity is a bit suspicious, hence aborting

BigP · August 30, 2010, 11:29:41 pm

I turned to wysiwyg module in combination with ckeditor. That worked for us.

So i think the problem is in the ckeditor-module

Donald Lobo · August 31, 2010, 08:04:47 am

this has been fixed in 3.2.2

if u'd like u can just overwrite this file:

http://svn.civicrm.org/civicrm/branches/v3.2/CRM/Core/IDS.php

make sure u delete the templates_c directory after u update the file (we added msg_text to the exceptions list)

lobo

dschafer · September 01, 2010, 05:00:20 am

Ok,
I delployed file at the svn link and cleared the template cache.

I'm still getting the error. Here is the result from IDS.

Result: Total impact: 75
Affected tags: xss, csrf, id, rfe, lfi, sqli

Variable: msg_title | Value: Contributions - Receipt (off-line)
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: msg_subject | Value: {ts}Contribution Receipt{/ts}
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: msg_text | Value: {if $formValues.receipt_text} {$formValues.receipt_text} {else}{ts}Thanks for your support.{/ts}{/if} {ts}Please print this receipt for your records.{/ts} =========================================================== {ts}Contribution Information{/ts} =========================================================== {ts}Contribution Type{/ts}: {$formValues.contributionType_name} {if $lineItem} {foreach from=$lineItem item=value key=priceset} --------------------------------------------------------- {capture assign=ts_item}{ts}Item{/ts}{/capture} {capture assign=ts_qty}{ts}Qty{/ts}{/capture} {capture assign=ts_each}{ts}Each{/ts}{/capture} {capture assign=ts_total}{ts}Total{/ts}{/capture} {$ts_item|string_format:"%-30s"} {$ts_qty|string_format:"%5s"} {$ts_each|string_format:"%10s"} {$ts_total|string_format:"%10s"} ---------------------------------------------------------- {foreach from=$value item=line} {$line.description|truncate:30:"..."|string_format:"%-30s"} {$line.qty|string_format:"%5s"} {$line.unit_price|crmMoney:$currency|string_format:"%10s"} {$line.line_total|crmMoney:$currency|string_format:"%10s"} {/foreach} {/foreach} {/if} {ts}Total Amount{/ts}: {$formValues.total_amount|crmMoney:$currency} {if $receive_date} {ts}Received Date{/ts}: {$receive_date|truncate:10:''|crmDate} {/if} {if $receipt_date} {ts}Receipt Date{/ts}: {$receipt_date|truncate:10:''|crmDate} {/if} {if $formValues.paidBy and !$formValues.hidden_CreditCard} {ts}Paid By{/ts}: {$formValues.paidBy} {if $formValues.check_number} {ts}Check Number{/ts}: {$formValues.check_number} {/if} {/if} {if $formValues.trxn_id} {ts}Transaction ID{/ts}: {$formValues.trxn_id} {/if} {if $ccContribution} =========================================================== {ts}Billing Name and Address{/ts} =========================================================== {$billingName} {$address} =========================================================== {ts}Credit Card Information{/ts} =========================================================== {$credit_card_type} {$credit_card_number} {ts}Expires{/ts}: {$credit_card_exp_date|truncate:7:''|crmDate} {/if} {if $customGroup} {foreach from=$customGroup item=value key=customName} =========================================================== {$customName} =========================================================== {foreach from=$value item=v key=n} {$n}: {$v} {/foreach} {/foreach} {/if} {if $formValues.honor_first_name} =========================================================== {$formValues.honor_type} =========================================================== {$formValues.honor_prefix} {$formValues.honor_first_name} {$formValues.honor_last_name} {if $formValues.honor_email} {ts}Honoree Email{/ts}: {$formValues.honor_email} {/if} {/if} {if $formValues.product_name} =========================================================== {ts}Premium Information{/ts} =========================================================== {$formValues.product_name} {if $formValues.product_option} {ts}Option{/ts}: {$formValues.product_option} {/if} {if $formValues.product_sku} {ts}SKU{/ts}: {$formValues.product_sku} {/if} {if $fulfilled_date} {ts}Sent{/ts}: {$fulfilled_date|crmDate} {/if} {/if}
Impact: 54 | Tags: xss, csrf, id, rfe, sqli, lfi
Description: Detects JavaScript DOM/miscellaneous properties and methods | Tags: xss, csrf, id, rfe | ID: 15
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects nullbytes and other dangerous characters | Tags: id, rfe, xss | ID: 39
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID: 45
Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID: 46
Description: Detects code injection attempts 3/3 | Tags: id, rfe, lfi | ID: 60
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Variable: IDS_user_agent | Value: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Impact: 7 | Tags: xss, csrf, id, rfe, lfi
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Centrifuge detection data
Threshold: 3.49
Ratio: 1.3857142857143
Converted: ((+++:

CiviCRM Community Forums (archive)

News:

Author Topic: There is a validation error with your html input. (Read 8127 times)

BigP

There is a validation error with your html input.

BigP

Re: There is a validation error with your html input.

Kurund Jalmi

Re: There is a validation error with your html input.

BigP

Re: There is a validation error with your html input.

Dave Greenberg

Re: There is a validation error with your html input.

BigP

Re: There is a validation error with your html input.

Dave Greenberg

Re: There is a validation error with your html input.

BigP

Re: There is a validation error with your html input.

Kurund Jalmi

Re: There is a validation error with your html input.

joemaine

Re: There is a validation error with your html input.

Donald Lobo

Re: There is a validation error with your html input.

dschafer

Re: There is a validation error with your html input.

BigP

Re: There is a validation error with your html input.

Donald Lobo

Re: There is a validation error with your html input.

dschafer

Re: There is a validation error with your html input.