Add new Item to Lookup from Edit Form, is EnableEventValidation required?

May 4, 2016 at 12:35 AM
Edited May 4, 2016 at 12:36 AM
I am using SharePoint 2013 and I have a solution working that adds an "Add New Item" link on the Edit Form. This link shows the "New Form" for the related List, allows the user to add a new item, then queries the LastItemID for that List/User, then it adds the item to the DropDown. (Similar to some of the examples here, with slight modifications to work with SharePoint 2013.) Anyway, it is all working, with one exception, I get the error requiring me to disable "EnableEventValidation" (because an item was dynamically added to the dropdown). My questions are:

1 - How do I actually do this? When I add EnableEventValidation="false" to the EditForm page directive, I get a parser error. (Evidently I have to change the "web.config"?)

2 - Is there any way to get around this? Is there any other way to refresh the DropDown (and retain the form values the user may have entered/changed). (I am not opposed to deploying "custom code". As a matter of fact, I have developed several Visual Studio "Solutions", that are deployed on this particular Farm. With that being said, I certainly don't want to spend a "great deal" of time on this, as I have probably spent too much already, considering the benefits the solution will provide..)

Thank you!
May 5, 2016 at 1:35 PM

When you add a new item to a dropdown that's already in the page manually, you run afoul of the page digest matching. It's a security mechanisms that provides a valuable function in that it prevents malicious additions to the values sent back to the server.

I don't know about the EnableEventValidation idea, but it doesn't sound like a good one, as it would potentially remove this security feature.

May 6, 2016 at 1:52 AM
That's basically my thoughts too. Although, I haven't come up with any other solution. :( Even the few examples in the discussions here suggest disabling that Validation. For now, I have disabled it..... taking into consideration that the Web Application that is hosting this Site is only available to internal users and the fact that there isn't really any "sensitive" data being hosted on any of these sites, while not ideal, I feel the trade off is worth the gain it provides.

If you have any better ideas, I would certainly like to hear them. :) (Even if I could just disable the Validation for a single Page or even "Site" (without creating a dedicated Web App), that would be a huge improvement.)

Thank you for your contributions to the "SharePoint Community". I'm sure many will agree that your contributions are greatly appreciated.

May 6, 2016 at 2:01 PM
You're very welcome.

Given your situation, I think you've got a good solution. I never was able to come up with any client side tricks for this.