Online, JSOM, Add new Choice value to Lookup dropdown - cannot save form, "Invalid postback or callback argument. "

Question

I had a code that dynamically creates items and adds them as lookup values. I used CSR but CSR is unavailable on calendar forms (EditForm/NewForm.aspx), so I try to re-write it to vanilla javascript.

I have some form with lookup field pointed to "Customers" ("Customer Name"). And I've added a code that creates new option to this lookup dropdown. Let's pretend I open this NewForm.aspx:

<br/>
<label for="mylookupid">Lookup ID:</label>
<input type="text" id="mylookupid"/><br/>
<label for="mylookuptext">Lookup text:</label>
<input type="text" id="mylookuptext"/><br/><br/>
<input type="button" id="addoption" title="Add Option" value="Add New Option to 'Customer Name' dropdown" /><br />

<script src="https://code.jquery.com/jquery-3.1.1.min.js"></script>
<script language="javascript" type="text/javascript">

    function addOptionToDropdown() {

        // lookup dropdown 'Customer Name'
        var select = document.querySelector("select[title='Customer Name']");

        // will read actual ID and Title from inputs
        var option = document.createElement('option');
        option.value = jQuery("#mylookupid").val();
        option.innerHTML = jQuery("#mylookuptext").val();   

        // add new option and select it
        select.appendChild(option);
        option.selected = true;
    }

    function init() {
        jQuery("#addoption").on("click", function () {
            addOptionToDropdown();
        });
    }

    _spBodyOnLoadFunctionNames.push("init");
</script>

Then I go to "Customers" list and create new item, Bob:

Now I have 'Bob' item with ID 138:

Ok, now I want to set this item as new lookup choice (my NewForm.aspx does not know about this new item). I enter ID and Title and press my button:

Bob added. But when I save form I get

"Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation."

Is it possible to avoid it(without CSR because I can't use it on Event forms)?

Answer 1

You've run afoul of ASP.NET's Event Validation feature. This is a security feature built into ASP.NET to combat against certain types of web exploits. Basically, it means the server is going to validate the data that gets posted back to it against what it served via server controls, and it they don't match, it's rejected.

http://odetocode.com/blogs/scott/archive/2006/03/20/asp-net-event-validation-and-invalid-callback-or-postback-argument.aspx

If you're running on-premises SharePoint you might be able to set the enableEventValidation to false in the web application's web.config. This may or may not work for you, and it might have unforeseen repercussions.

http://odetocode.com/blogs/scott/archive/2006/03/22/asp-net-event-validation-and-invalid-callback-or-postback-argument-again.aspx

One thing you might want to try is to simply hijack the save button, cancel the postback in the form and just save the list item directly in JavaScript. In fact that's what I would do.