Umbraco-cms: Embed control is grid layout creates invalid embed url (A potentially dangerous Request.Path value was detected from the client (:))

Created on 19 Nov 2019  路  3Comments  路  Source: umbraco/Umbraco-CMS

Replicated on Umbraco versions 8.2.2 and 8.3

Embed video in a Grid Layout and save - can be YouTube video or Vimeo e.g. https://www.youtube.com/watch?v=__G4RrlGmVk . If you view on the site it errors as follows: "A potentially dangerous Request.Path value was detected from the client (:)" as described here.

The outputted html code looks like this : 

<div class="video-wrapper">
    {
  "constrain": true,
  "height": 240,
  "width": 360,
  "url": "https://www.youtube.com/watch?v=__G4RrlGmVk",
  "info": "",
  "preview": "<iframe width="\&quot;320\&quot;" height="\&quot;240\&quot;" src="\&quot;https://www.youtube.com/embed/__G4RrlGmVk?feature=oembed\&quot;" frameborder="\&quot;0\&quot;" allow="\&quot;accelerometer;" autoplay;="" encrypted-media;="" gyroscope;="" picture-in-picture\"="" allowfullscreen=""></iframe>"
}
</div>

Existing embedded videos still display ok but adding a new one results in this error.

_This item has been added to our backlog AB#3893_

releas8.6.0 staturegression
Source
picture junkin77

Most helpful comment

Something seems to have changed in 8.2.0 with returning the stored data, it no longer returns just the html for the raw HTML for embed, but it now returns some json data.

For now, to work around the issue, I think this should do the trick, update Views\Partials\Grid\Editors\Embed.cshtml like so:

@model dynamic
@using Umbraco.Web.Templates
@{ 
    var embedValue = "test";
    try {
        embedValue = Model.value.preview;
    } catch(Exception ex) {
        embedValue = Model.value;
    }
}

<div class="video-wrapper">
    @Html.Raw(embedValue)
</div>
picture nul800sebastiaan on 20 Nov 2019
👍4

All 3 comments

Something seems to have changed in 8.2.0 with returning the stored data, it no longer returns just the html for the raw HTML for embed, but it now returns some json data.

For now, to work around the issue, I think this should do the trick, update Views\Partials\Grid\Editors\Embed.cshtml like so:

@model dynamic
@using Umbraco.Web.Templates
@{ 
    var embedValue = "test";
    try {
        embedValue = Model.value.preview;
    } catch(Exception ex) {
        embedValue = Model.value;
    }
}

<div class="video-wrapper">
    @Html.Raw(embedValue)
</div>
nul800sebastiaan picture nul800sebastiaan on 20 Nov 2019
👍4

That works. Thanks Sebastiaan.

junkin77 picture junkin77 on 22 Nov 2019

@nul800sebastiaan it was this PR where this was changed it seems - https://github.com/umbraco/Umbraco-CMS/pull/4899

https://github.com/umbraco/Umbraco-CMS/commit/1b0113d3aaad8f98ea215190fb6cd8c415f9b3e2#diff-9f4cab23615bec0fe22a9e55daa037f4L23

We need to decide if we carry on storing the JSON object in that grid cell value or just the HTML from the oEmbed provider as we did before

OR
If we fix this issue by updating the Razor partial view for the embed grid cell, similar to your workaround.

warrenbuckley picture warrenbuckley on 19 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

0Neji picture 0Neji  路  3Comments
Luksor picture Luksor  路  3Comments
pralthom picture pralthom  路  3Comments
glombek picture glombek  路  4Comments
Myronics picture Myronics  路  3Comments