- ABP Framework version: v7.4
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
- Exception message and full stack trace:
[19:18:18 ERR] An unhandled exception has occurred while executing the request.
Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.CmsKit.Web.Renderers.MarkdownToHtmlRenderer.
---> Autofac.Core.DependencyResolutionException: An exception was thrown while invoking the constructor 'Void .ctor(Markdig.MarkdownPipeline)' on type 'MarkdownToHtmlRenderer'.
---> System.TypeLoadException: Could not load type 'Ganss.XSS.HtmlSanitizer' from assembly 'HtmlSanitizer, Version=8.0.0.0, Culture=neutral, PublicKeyToken=61c49a1a9e79cc28'.
at Volo.CmsKit.Web.Renderers.MarkdownToHtmlRenderer..ctor(MarkdownPipeline markdownPipeline)
at lambda_method177(Closure, Object[])
at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate()
--- End of inner exception stack trace ---
at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate()
at Autofac.Core.Activators.Reflection.ReflectionActivator.<>c__DisplayClass14_0.<UseSingleConstructorActivation>b__0(ResolveRequestContext ctxt, Action`1 next)
at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Builder.RegistrationBuilder`3.<>c__DisplayClass41_0.<PropertiesAutowired>b__0(ResolveRequestContext ctxt, Action`1 next)
at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
--- End of inner exception stack trace ---
at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest request)
at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest request)
at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
at Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable`1 parameters)
at Microsoft.AspNetCore.Mvc.Razor.RazorPagePropertyActivator.<>c__DisplayClass8_0.<CreateActivateInfo>b__1(ViewContext context)
at Microsoft.AspNetCore.Mvc.Razor.RazorPagePropertyActivator.Activate(Object page, ViewContext context)
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderPageCoreAsync(IRazorPage page, ViewContext context)
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderPageAsync(IRazorPage page, ViewContext context, Boolean invokeViewStarts)
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderAsync(ViewContext context)
at Microsoft.AspNetCore.Mvc.ViewComponents.ViewViewComponentResult.ExecuteAsync(ViewComponentContext context)
at Microsoft.AspNetCore.Mvc.ViewComponents.DefaultViewComponentInvoker.InvokeAsync(ViewComponentContext context)
at Microsoft.AspNetCore.Mvc.ViewComponents.DefaultViewComponentHelper.InvokeCoreAsync(ViewComponentDescriptor descriptor, Object arguments)
at Volo.Abp.AspNetCore.Mvc.UI.Widgets.AbpViewComponentHelper.InvokeWidgetAsync(Object arguments, WidgetDefinition widget)
at Volo.Abp.AspNetCore.Mvc.UI.Widgets.AbpViewComponentHelper.InvokeAsync(Type componentType, Object arguments)
at AspNetCoreGeneratedDocument.Pages_Public_CmsKit_Pages_Index.<ExecuteAsync>b__11_5()
at Microsoft.AspNetCore.Razor.Runtime.TagHelpers.TagHelperExecutionContext.SetOutputContentAsync()
at AspNetCoreGeneratedDocument.Pages_Public_CmsKit_Pages_Index.<ExecuteAsync>b__11_2()
at Microsoft.AspNetCore.Razor.Runtime.TagHelpers.TagHelperExecutionContext.SetOutputContentAsync()
at AspNetCoreGeneratedDocument.Pages_Public_CmsKit_Pages_Index.ExecuteAsync()
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderPageCoreAsync(IRazorPage page, ViewContext context)
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderPageAsync(IRazorPage page, ViewContext context, Boolean invokeViewStarts)
at Microsoft.AspNetCore.Mvc.Razor.RazorView.RenderAsync(ViewContext context)
at Microsoft.AspNetCore.Mvc.ViewFeatures.ViewExecutor.ExecuteAsync(ViewContext viewContext, String contentType, Nullable`1 statusCode)
at Microsoft.AspNetCore.Mvc.ViewFeatures.ViewExecutor.ExecuteAsync(ViewContext viewContext, String contentType, Nullable`1 statusCode)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResultFilterAsync>g__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeResultFilters()
--- End of stack trace from previous location ---
- Steps to reproduce the issue:
Hi, I recently added CmsKit to our application, and it seemed to go well. Migrations worked, menu options displayed, I was able to create a blog and a post from within the app, no problem. I created my first "Page" to display the blog, but when I navigate to the page, a get 500. It looks like there is some issue with Ganss HtmlSanitizer not being initialized in to Autofac. I believe I have everything installed and configured properly otherwise I wouldn't be able to access the admin pages.
It's a semi-large project already with everything working well. We needed to add the CmsKit so the app could host it's own blogs. Adding the module and code did not break anything else, the only thing not working is trying to view a CmsKit page. Any help would be appreciated.
Here's the NuGet packages I have installed:
Project 'MyProject.Domain' has the following package references
[net7.0]:
Top-level Package Requested Resolved
> AngleSharp 0.17.1 0.17.1
> Betalgo.OpenAI 7.3.0 7.3.0
> Hangfire.Console 1.4.2 1.4.2
> HtmlAgilityPack 1.11.54 1.11.54
> HtmlSanitizer 8.0.723 8.0.723
> Microsoft.AspNet.WebApi.Client 5.2.9 5.2.9
> NodaTime 3.1.9 3.1.9
> SixLabors.ImageSharp 2.1.6 2.1.6
> System.ServiceModel.Syndication 7.0.0 7.0.0
> Verify.ImageSharp 4.0.1 4.0.1
> Volo.Abp.AuditLogging.Domain 7.4.0 7.4.0
> Volo.Abp.BackgroundJobs.Domain 7.4.0 7.4.0
> Volo.Abp.BackgroundWorkers.Hangfire 7.4.0 7.4.0
> Volo.Abp.BlobStoring.Azure 7.4.0 7.4.0
> Volo.Abp.BlobStoring.Database.Domain 7.4.0 7.4.0
> Volo.Abp.Caching 7.4.0 7.4.0
> Volo.Abp.Commercial.SuiteTemplates 7.4.0 7.4.0
> Volo.Abp.Emailing 7.4.0 7.4.0
> Volo.Abp.EntityFrameworkCore 7.4.0 7.4.0
> Volo.Abp.FeatureManagement.Domain 7.4.0 7.4.0
> Volo.Abp.Gdpr.Domain 7.4.0 7.4.0
> Volo.Abp.Identity.Pro.Domain 7.4.0 7.4.0
> Volo.Abp.LanguageManagement.Domain 7.4.0 7.4.0
> Volo.Abp.LeptonTheme.Management.Domain 7.4.0 7.4.0
> Volo.Abp.OpenIddict.Pro.Domain 7.4.0 7.4.0
> Volo.Abp.PermissionManagement.Domain.Identity 7.4.0 7.4.0
> Volo.Abp.PermissionManagement.Domain.OpenIddict 7.4.0 7.4.0
> Volo.Abp.SettingManagement.Domain 7.4.0 7.4.0
> Volo.Abp.TextTemplateManagement.Domain 7.4.0 7.4.0
> Volo.CmsKit.Pro.Domain 7.4.0 7.4.0
> Volo.Saas.Domain 7.4.0 7.4.0
> Z.ExtensionMethods 2.1.1 2.1.1
Project 'MyProject.Application' has the following package references
[net7.0]:
Top-level Package Requested Resolved
> Betalgo.OpenAI 7.3.0 7.3.0
> Google.Analytics.Data.V1Beta 2.0.0-beta03 2.0.0-beta03
> Hangfire.SqlServer 1.8.2 1.8.2
> HtmlAgilityPack 1.11.54 1.11.54
> HtmlSanitizer 8.0.723 8.0.723
> Microsoft.AspNetCore.Mvc.Core 2.2.5 2.2.5
> MiniExcel 1.31.2 1.31.2
> NodaTime 3.1.9 3.1.9
> Volo.Abp.Account.Pro.Admin.Application 7.4.0 7.4.0
> Volo.Abp.Account.Pro.Public.Application 7.4.0 7.4.0
> Volo.Abp.Account.Pro.Shared.Application 7.4.0 7.4.0
> Volo.Abp.AuditLogging.Application 7.4.0 7.4.0
> Volo.Abp.BackgroundJobs.HangFire 7.4.0 7.4.0
> Volo.Abp.BackgroundWorkers.Hangfire 7.4.0 7.4.0
> Volo.Abp.BlobStoring.Azure 7.4.0 7.4.0
> Volo.Abp.FeatureManagement.Application 7.4.0 7.4.0
> Volo.Abp.Gdpr.Application 7.4.0 7.4.0
> Volo.Abp.Identity.Pro.Application 7.4.0 7.4.0
> Volo.Abp.LanguageManagement.Application 7.4.0 7.4.0
> Volo.Abp.LeptonTheme.Management.Application 7.4.0 7.4.0
> Volo.Abp.OpenIddict.Pro.Application 7.4.0 7.4.0
> Volo.Abp.PermissionManagement.Application 7.4.0 7.4.0
> Volo.Abp.SettingManagement.Application 7.4.0 7.4.0
> Volo.Abp.TextTemplateManagement.Application 7.4.0 7.4.0
> Volo.CmsKit.Pro.Application 7.4.0 7.4.0
> Volo.Saas.Host.Application 7.4.0 7.4.0
> Z.ExtensionMethods 2.1.1 2.1.1
Project 'MyProject.Web' has the following package references
[net7.0]:
Top-level Package Requested Resolved
> AspNetCore.HealthChecks.UI 7.0.2 7.0.2
> AspNetCore.HealthChecks.UI.Client 7.1.0 7.1.0
> AspNetCore.HealthChecks.UI.InMemory.Storage 7.0.0 7.0.0
> Edi.RouteDebugger 1.7.0 1.7.0
> Google.Apis.AnalyticsReporting.v4 1.62.0.2484 1.62.0.2484
> Hangfire.Console 1.4.2 1.4.2
> Hangfire.SqlServer 1.8.2 1.8.2
> Microsoft.ApplicationInsights.AspNetCore 2.21.0 2.21.0
> Microsoft.ApplicationInsights.SnapshotCollector 1.4.4 1.4.4
> Microsoft.AspNetCore.Authentication.Google 7.0.12 7.0.12
> Microsoft.AspNetCore.Authentication.MicrosoftAccount 7.0.12 7.0.12
> Microsoft.AspNetCore.Authentication.Twitter 7.0.12 7.0.12
> OpenIddict.Server.AspNetCore 4.9.0 4.9.0
> OpenIddict.Validation.AspNetCore 4.9.0 4.9.0
> Serilog.AspNetCore 7.0.0 7.0.0
> Serilog.Sinks.ApplicationInsights 4.0.0 4.0.0
> Serilog.Sinks.Async 1.5.0 1.5.0
> Volo.Abp.Account.Pro.Admin.Web 7.4.0 7.4.0
> Volo.Abp.Account.Pro.Public.Web 7.4.0 7.4.0
> Volo.Abp.Account.Pro.Public.Web.IdentityServer 7.4.0 7.4.0
> Volo.Abp.Account.Pro.Public.Web.OpenIddict 7.4.0 7.4.0
> Volo.Abp.AspNetCore.Authentication.JwtBearer 7.4.0 7.4.0
> Volo.Abp.AspNetCore.Mvc.UI.Theme.Lepton 7.4.0 7.4.0
> Volo.Abp.AspNetCore.Serilog 7.4.0 7.4.0
> Volo.Abp.AuditLogging.Web 7.4.0 7.4.0
> Volo.Abp.Autofac 7.4.0 7.4.0
> Volo.Abp.BackgroundJobs.HangFire 7.4.0 7.4.0
> Volo.Abp.BackgroundWorkers.Hangfire 7.4.0 7.4.0
> Volo.Abp.BlobStoring.Azure 7.4.0 7.4.0
> Volo.Abp.FeatureManagement.Web 7.4.0 7.4.0
> Volo.Abp.Gdpr.Web 7.4.0 7.4.0
> Volo.Abp.Identity.Pro.Web 7.4.0 7.4.0
> Volo.Abp.Imaging.Abstractions 7.4.0 7.4.0
> Volo.Abp.LanguageManagement.Web 7.4.0 7.4.0
> Volo.Abp.LeptonTheme.Management.Web 7.4.0 7.4.0
> Volo.Abp.OpenIddict.AspNetCore 7.4.0 7.4.0
> Volo.Abp.OpenIddict.Pro.Web 7.4.0 7.4.0
> Volo.Abp.Swashbuckle 7.4.0 7.4.0
> Volo.Abp.TextTemplateManagement.Web 7.4.0 7.4.0
> Volo.CmsKit.Pro.Web 7.4.0 7.4.0
> Volo.Saas.Host.Web 7.4.0 7.4.0
(A) : Auto-referenced package.
3 Answer(s)
-
0
Hi,
The CMS kit module uses version
5.0.331
of HtmlSanitizer.https://github.com/abpframework/abp/blob/rel-7.4/modules/cms-kit/src/Volo.CmsKit.Common.Web/Volo.CmsKit.Common.Web.csproj#L24
The version you installed is too high.
-
0
Hi,
Thanks for your quick replly. That version is so old it's not even attainable any more on NuGet and all previous versions seem to be riddled with vulnerabilities.
Basically we can't use HtmlSanitizer and CMSKit in our application at the moment because CmsKit is using a release that is over 3 years old.
-
0
Hi,
We upgraded to the latest version in the 8.0 milestone: https://github.com/abpframework/abp/blob/dev/Directory.Packages.props#L39