Bad Syntax in Template Can Break entire site..

Posted by Community Admin on 03-Aug-2018 17:18

Bad Syntax in Template Can Break entire site..

All Replies

Posted by Community Admin on 13-Apr-2011 00:00

I had a dev tell me that Sitefinity was not responding today.. Logging in to the web server showed that since 6:30 pm yesterday the server's CPU had been sitting at 100%! 

IIS Restart fixed the issue (Recycling the app pool didn't).  We were able to consistently reproduce this issue by loading a page that had a specific custom form control on it. After attempting to load the page, the entire site would no longer respond and only a Stop/Start would resolve.

The form control was pretty basic and commenting out all code behind still produced the issue.. I decided to dig into the .ascx template and I found that some broken html that was in the template was taking down the entire server!
Here's a clip of the read mode template of the control. It turns out he was describing an attribute for the img tag to a colleague and it was never removed. I've bolded the line which causes the entire site to go into an endless loop of unresponsiveness. 

note the unclosed img tag followed by a server side comment with an unclosed div in it.. 
I totally understand that this code shouldnt have been published, but this seems like something that would be very easy for an end user to recreate, and the biggest problem I have with this is that one poor user can literally disable the entire site and never once get prompted that the template was bad.

I would suggest adding some better error control to the template process. I'll suggest the same on our end as well ;)

<sf:ConditionalTemplateContainer ID="conditionalTemplate" runat="server">
    <Templates>
        <sf:ConditionalTemplate ID="ConditionalTemplate1" Left="DisplayMode" Operator="Equal" Right="Read" runat="server">      
            <sf:SitefinityLabel id="titleLabel" runat="server" WrapperTagName="div" HideIfNoText="false" CssClass="sfTxtLbl"></sf:SitefinityLabel>
            <sf:SitefinityLabel id="textLabel" runat="server" WrapperTagName="div" HideIfNoText="false" CssClass="sfTxtContent"></sf:SitefinityLabel>
            <sf:SitefinityLabel id="descriptionLabel" runat="server" WrapperTagName="p" HideIfNoText="false" CssClass="sfDescription"></sf:SitefinityLabel>            
 <%-- Hidden in read mode --%>
 <div style="float: left; clear: left; display:none;">
<telerik:RadCaptcha ID="RadCaptcha1" CssClass="RadCaptcha1" ValidatedTextBoxID="TxtVerify" runat="server" EnableRefreshImage="false" ErrorMessage="The code you entered is not valid." ForeColor="Red" CaptchaTextBoxCssClass="txtCaptcha" CaptchaTextBoxLabelCssClass="lblCaptcha" ValidationGroup="Group">
<CaptchaImage ImageCssClass="imageClass" />                            
</telerik:RadCaptcha>

<!-- BOOM... Start Single Line that takes down site -->
<asp:TextBox ID="TxtVerify" runat="server" /> <img longdesc <%-- <div style="margin-top: 15px;"><asp:Button ID="btnVerify" runat="server" Text="Verify Code" ValidationGroup="Group" /> --%>                                              
<!-- BOOM... End Single Line that takes down site -->
</div
</sf:ConditionalTemplate>

Posted by Community Admin on 14-Apr-2011 00:00

This should probably be logged in PITS. I'll add it there.  Keep working hard on getting us that update folks

Posted by Community Admin on 14-Apr-2011 00:00

Hello Drew Greenwell,

I have replied to you in the support thread you have opened. For your convenience I'll paste below my reply:

" I've tested the specified code block in a master page, in a widget template for a widget dropped onto a page and in a  widgets' template for a widget that will be open in another page.. First scenario got caught by the parser and returned a Parser error. The second returned a timeout error when trying to publish the page. The third also caused timeout when  requesting the page that contained the specified widget whose template had your code inserted.
In conclusion I'd like to examine this issue further, so can you please send me the complete user control and template so that I can attach them to my project ant test the described behavior."


I hope you don't mind keeping our conversation to one thread, for the sake of convenience and tracking our replies. Thanks in advance!

Best wishes,
Boyan Barnev
the Telerik team


Posted by Community Admin on 14-Apr-2011 00:00

Thanks for the response Boyan. I dont mind keeping the conversation here in case anyone else runs into it. It looks like the holes are plugged up when working through the backend designer interface, which is good. 

This issue is reproducable by creating a custom form control and using this as the template. I commented out every bit of code except base.InitializeControls(container) and still received the issue.

Here's the template whole template in it's bugged state. Something else of interest is that DisplayMode was forced to "Write" for this control from the codebehind, but the read mode template had the bad data.

<%@ Control Language="C#" %> 
<%@ Register Assembly="Telerik.Sitefinity" Namespace="Telerik.Sitefinity.Web.UI" TagPrefix="sf" %>
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<%@ Register TagPrefix="sitefinity" Namespace="Telerik.Sitefinity.Web.UI" %>           
  
<sf:ConditionalTemplateContainer ID="conditionalTemplate" runat="server">
    <Templates>
        <sf:ConditionalTemplate ID="ConditionalTemplate1" Left="DisplayMode" Operator="Equal" Right="Read" runat="server">      
            <sf:SitefinityLabel id="titleLabel" runat="server" WrapperTagName="div" HideIfNoText="false" CssClass="sfTxtLbl"></sf:SitefinityLabel>
            <sf:SitefinityLabel id="textLabel" runat="server" WrapperTagName="div" HideIfNoText="false" CssClass="sfTxtContent"></sf:SitefinityLabel>
            <sf:SitefinityLabel id="descriptionLabel" runat="server" WrapperTagName="p" HideIfNoText="false" CssClass="sfDescription"></sf:SitefinityLabel>            
            
                    <%-- Hidden in read mode --%>
                    <div style="float: left; clear: left; display:none;">
                        <telerik:RadCaptcha ID="RadCaptcha1" CssClass="RadCaptcha1" ValidatedTextBoxID="TxtVerify" runat="server" EnableRefreshImage="false" ErrorMessage="The code you entered is not valid." ForeColor="Red" CaptchaTextBoxCssClass="txtCaptcha" CaptchaTextBoxLabelCssClass="lblCaptcha" ValidationGroup="Group">
                            <CaptchaImage ImageCssClass="imageClass" />                            
                        </telerik:RadCaptcha>
<asp:TextBox ID="TxtVerify" runat="server" /><img longdesc <%-- <div style="margin-top: 15px;"><asp:Button ID="btnVerify" runat="server" Text="Verify Code" ValidationGroup="Group" /> --%>                                              
                    </div>                   
            
        </sf:ConditionalTemplate>
        <sf:ConditionalTemplate ID="ConditionalTemplate2" Left="DisplayMode" Operator="Equal" Right="Write" runat="server">
            <div class="">
             <asp:Label ID="titleLabel" runat="server" CssClass="sfTxtLbl" />
            <asp:LinkButton ID="expandButton" runat="server" OnClientClick="return false;" CssClass="sfOptionalExpander" />
            <asp:Panel ID="expandableTarget" runat="server" CssClass="sfFieldWrp">
                <p>
                    <div style="float: left; clear: left;">
                        <telerik:RadCaptcha ID="RadCaptcha1" CssClass="RadCaptcha1" ValidatedTextBoxID="TxtVerify" runat="server" EnableRefreshImage="false" RegisterWithScriptManager="true" ErrorMessage="The code you entered is not valid." ForeColor="Red" CaptchaTextBoxCssClass="txtCaptcha" CaptchaTextBoxLabelCssClass="lblCaptcha" ValidationGroup="Group">
                            <CaptchaImage ImageCssClass="imageClass" />
                        </telerik:RadCaptcha>
                        <asp:TextBox ID="TxtVerify" runat="server" />
                       <%-- <div style="margin-top: 15px;">
                              
                        </div>--%>
                    </div>
                </p>
                <sf:SitefinityLabel id="textLabel" runat="server" WrapperTagName="div" HideIfNoText="true" CssClass="sfDescription" />
                <sf:SitefinityLabel id="descriptionLabel" runat="server" WrapperTagName="div" HideIfNoText="true" CssClass="sfDescription" />
                <sf:SitefinityLabel id="exampleLabel" runat="server" WrapperTagName="div" HideIfNoText="true" CssClass="sfExample" />
            </asp:Panel>
            </div>
        </sf:ConditionalTemplate>
    </Templates>
</sf:ConditionalTemplateContainer>

Posted by Community Admin on 19-Apr-2011 00:00

Hi Drew Greenwell,

Do you mind sending over the complete control and template, since using just the provided template I was not able to reproduce the problem - there were several build errors concerning duplicate control naming, fixing these allowed me to register the control but there are no errors loading the page it's been placed on. If you are concerned about uploading your control in this public thread, you can open a support thread/submit it in your original support ticket that you had opened for this issue

Best wishes,
Boyan Barnev
the Telerik team


Posted by Community Admin on 23-Jun-2011 00:00

Hello,

Has there been any additional update or work on this issue?  I'm in the process of developing a Sitefinity site for a client this past week and, this morning, it would appear that I have encountered a very similar issue.  On my local machine, I must have accidentally generated some bad HTML markup in one of the content placeholders, and now my entire site spins and eventually receives HttpExceptions for a timeout. The problem is compounded by the fact that this bad HTML was in the footer of one of my main site templates.  So, literally, nothing spins up and the parser does not appear to catch the problem.

If I am understanding the issue correctly, this seems to be a pretty substantial limitation and risk to our client, as they will continue to create new pages and may, on occasion, paste in potentially erroneous HTML in the future.  Please let me know if there are any steps that can be taken to avoid this issue. 

(For what it's worth, my initial plan is to restore my Sitefinity database from a backup taken yesterday evening. Hopefully this will solve the issue for now, but I'm still quite concerned about it.)

Thanks for your prompt attention,
Jeff

Posted by Community Admin on 24-Jun-2011 00:00

Hi Jeff,

Indeed it was confirmed that the problems were caused by improper HTML, however  we have changed the rendering engine for pages to ASP.NET engine - it was implemented for page rendering on the place of control builders, and testing the reported behavior on Sitefinity 4.1 official release, and latter versions  shows that the only noticeable thing is a slowdown in the initial loading of the page  due to loading improper HTML. However, the page displays fine, so there should be no worries when using the 4.1 version. To avoid similar problems you can benefit from the fact that bad HTML is caught by Visual Studio on build time, so maybe changing your build action settings to treat warnings as errors would be useful for future avoidance of similar problems.

Best wishes,
Boyan Barnev
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed