This project is read-only.


Passwords which looks like html are not accepted


Passwords which looks like HTML ex. <AS23/ are not accepted

The error is

A potentially dangerous Request.Form value was detected from the client (password="<AS23/").

This is on login form and on changing password screen and register.

Suggestion. Add ValidateInput(false) on LogOn Register and ChangePassword actions in AccountController in Orchard.Users or ... create FormModels where property Password is decorated with [AllowHtml]

PS. We have Orchard integrated with ActiveDirectory and I have such password with chars like < / > and cannot login :) because sending form doesn't allow me


rodpl wrote Nov 21, 2013 at 9:57 AM

Exactly ... ChangePassword is still bugged

Jetski5822 wrote Jun 23, 2014 at 10:35 PM

Fixed in changeset 1936743ca0d7638fd4691f015f985e805ecd2b71