发布字段中带有 html 标签的表单时出现错误

发布于 2024-10-09 01:13:57 字数 1066 浏览 6 评论 0原文

我正在使用 Ajax 控制工具包 3.5。我有一个这样的表格:

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

此页面的相关代码隐藏是这样的:

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

当我将“foo”写入 TextBox1 时,它会成功地将其复制到 Label1 中。但是,如果我使用一些 HTML 标签(例如“foo”)将任何文本写入文本框中我在 IE 状态栏中收到以下 Javascript 错误:

alt text

我该如何解决此问题?

提前致谢。

I am using Ajax Control Toolkit 3.5. I have a form like this:

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

And related codebehind of this page is this:

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

When I write for example "foo" into the TextBox1 it succesfully copies that into Label1. But if I write any text into the textbox with some HTML tags like "<b>foo</b>" i get following Javascript error in IE statusbar:

alt text

How can I solve this?

Thanks in advance.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

淡淡離愁欲言轉身 2024-10-16 01:13:58

发布这个问题后,我想到了从 UpdatePanel 中取出表单字段并重试相同操作的想法。宾果!它抛出以下异常:

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

看到此错误后,将以下代码添加到 <%@ Page %> 中:页面的部分解决了这个问题。

ValidateRequest="false"

希望这对其他人有帮助......

Just after posting this question, the idea of taking the form fields out of UpdatePanel and retrying the same operation came to my mind. Bingo! It throws the following exception:

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

After seeing this error, adding the following code to the <%@ Page %> section of the page solved the problem.

ValidateRequest="false"

Hope this helps to others...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文