Henrik Buer
Member since: 2005

I'm just experimenting with PageObjects in CMS 6 R2 (Beta) and come across an issue. I get an exception when I try to save:


Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName

Stack Trace:

[ArgumentException: Contains potentially dangerous (SQL Injection) characters
Parameter name: storeName]
EPiServer.Framework.Validator.ThrowIfContainsSqlInjectionChars(String name, String value) +191
EPiServer.Data.Dynamic.EPiServerDynamicDataStoreFactory.CreateStore(String storeName, IDictionary`2 typeBag, StoreDefinitionParameters parameters) +115
EPiServer.DataAccess.<>c__DisplayClassc.<Save>b__a() +1158
EPiServer.Data.Dynamic.Providers.<>c__DisplayClass7.<ExecuteTransaction>b__6() +428
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.InternalExecute(Func`1 method) +69
EPiServer.Data.Dynamic.Providers.DbDataStoreProvider.ExecuteTransaction(Action action) +117
EPiServer.DataAccess.DdsPageObjectRepository.Save(PageObject[] pageObjects) +2798
EPiServer.Core.PageObjectManager.InternalSave(PageObject[] pageObjects) +477
EPiServer.Core.PageObjectManager.InternalSave(String name, Object value, Nullable`1 ownerOption) +425
EPiServer.Core.PageObjectManager.Save(String name, Object value) +32
LiVIntra.Templates.Knowit.Units.Comments.btnComment_Click(Object sender, EventArgs e) in C:\EPiServer\Sites\LiVIntra\Templates\Knowit\Units\Comments.ascx.cs:85
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981

Using Reflector I se that ThrowIfContainsSqlInjectionChars is implemented as:

public static void ThrowIfContainsSqlInjectionChars(string name, string value){

if (!string.IsNullOrEmpty(value) && (_regexSqlCommentChars.IsMatch(value) || !_regexAllowedChars.IsMatch(value))){

throw new ArgumentException("Contains potentially dangerous (SQL Injection) characters", name);



The "_regexSqlCommentChars" and "_regexAllowedChars" are empty? Anyone got an idea how to get past this (other then waiting for the official release of R2)?
#49411 Mar 16, 2011 12:43
  • Magnus Rahl
    Member since: 2008


    I have very vague memories of seing something similiar when trying to add primitives or (generic) collections as page objects. You must always use a class. You could of course create a class which only has one property to carry the value you want to save.

    Another vague memory has something to do with autogenerated classes, like the anonymous types generated by lambdas or classes created by the JIT compiler for the aspx/ascx.

    Can you post the code where you try to add the page object causing the exception?

    #49414 Mar 16, 2011 13:08
  • Henrik Buer
    Member since: 2005

    Damn... my first post was ugly formatted...


    Your first vague memory was correct :-)


    I was trying to save a class like this one:

        public class Comment
            public Guid CommentGuid { get; set; }
            public DateTime DatePosted { get; set; }
            public String UserName { get; set; }
            public String CommentText { get; set; }

    I added another class that contains a list of "Comment":


        public class CommentsList
            public IList<Comment> Comments { get; set; }

            public CommentsList()
                Comments = new List<Comment>();

    ... and saving this "CommentList" as a PageObject works like a charm. Thanks for the help Magnus!

    #49427 Mar 16, 2011 19:17
  • Ger Groot
    Member since: 2011

    I'm facing the same problem when I'm trying to save the following class

            public class PomData : IDynamicData
                public bool IsSecure { get; set; }

                public Identity Id { get; set; }

    #64231 Dec 13, 2012 16:16
  • Magnus Rahl
    Member since: 2008

    What happens if you try to save a similar object that does not implement IDynamicData? IDynamicData is good for saving things in your own store, but could it be that it upsets the PageObject PropertyBag handling?

    #64243 Dec 14, 2012 8:51
  • Ger Groot
    Member since: 2011

    The same exception occurs. All i'm trying to do is save a boolean value as PageObject data

    PomData data = new PomData();
    data.Id = Identity.NewIdentity(Guid.NewGuid());
    data.IsSecure = true;

    pom.Save(this._propertyName, data);

    #64244 Dec 14, 2012 9:00