在查询字符串中发送 Server.UrlEncoded XML 导致错误
我正在尝试发送一个 XML 字符串作为查询字符串的一部分。通常我会发布此 XML,但我将其发送到无法发布内容的第三方系统。
因此,我需要第三方系统来请求我系统中某一页面的服务。 (说明:第 3 方系统生成我的网页的 PDF。我给它一个指向我的页面的 URL,它就是该页面的 PDF。因此,XML 文件包含我生成页面所需的数据)
无论如何,我得到我的查询字符串如下:
string data = Server.UrlEncode(xmlSnippet.ToString());
string sFullUrl = urlString + "?data=" + data;
我向第三个伙伴系统提供此 URL,它会调用我的页面..除非请求未到达该页面。它无法进入 Application_Error 处理程序,并显示以下消息:
"A potentially dangerous Request.QueryString value was detected from the client (data=[my XML data])"
据我所知,我发送的数据是安全的,有什么方法可以使其工作吗?
谢谢
I'm trying to send a string of XML as part of the query string. Normally I'd POST this XML but I'm sending it to a 3rd party system that I can't POST stuff to.
So, as it goes, I need the 3rd party system to request the services of one of the pages in my system. (explanation: the 3rd party system produces PDFs of my web pages. I give it a URL to my page, and it PDF's that page. So, the XML file contains data that I need to generate the page)
Anyway, I'm getting my query string as follows:
string data = Server.UrlEncode(xmlSnippet.ToString());
string sFullUrl = urlString + "?data=" + data;
I give the 3rd pary system this URL, and it calls my page.. except the request doesn't reach the page. It's failing into the Application_Error handler with this message:
"A potentially dangerous Request.QueryString value was detected from the client (data=[my XML data])"
As I know the data I'm sending is safe, is there any way I can make this work?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要禁用请求验证。
这是一个完全被破坏且无效的“反跨站点脚本”功能,非常遗憾的是,该功能在 ASP.NET 中默认打开。它将阻止对任何包含看起来像标签的传入数据的请求的访问。
You need to disable Request Validation.
This is a hopelessly broken and ineffective “anti-cross-site-scripting” feature which, very regrettably, is turned on by default in ASP.NET. It will block access for any request containing incoming data that looks like a tag.