发布字段中带有 html 标签的表单时出现错误

发布于 2024-10-09 01:13:57 字数 1066 浏览 3 评论 0原文

我正在使用 Ajax 控制工具包 3.5。我有一个这样的表格：

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

此页面的相关代码隐藏是这样的：

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

当我将“foo”写入 TextBox1 时，它会成功地将其复制到 Label1 中。但是，如果我使用一些 HTML 标签（例如“foo”）将任何文本写入文本框中我在 IE 状态栏中收到以下 Javascript 错误：

alt text

我该如何解决此问题？

提前致谢。

原文

I am using Ajax Control Toolkit 3.5. I have a form like this:

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

And related codebehind of this page is this:

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

When I write for example "foo" into the TextBox1 it succesfully copies that into Label1. But if I write any text into the textbox with some HTML tags like "<b>foo</b>" i get following Javascript error in IE statusbar:

alt text

How can I solve this?

Thanks in advance.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

淡淡離愁欲言轉身 2024-10-16 01:13:58

发布这个问题后，我想到了从 UpdatePanel 中取出表单字段并重试相同操作的想法。宾果！它抛出以下异常：

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

看到此错误后，将以下代码添加到 <%@ Page %> 中：页面的部分解决了这个问题。

ValidateRequest="false"

希望这对其他人有帮助......

Just after posting this question, the idea of taking the form fields out of UpdatePanel and retrying the same operation came to my mind. Bingo! It throws the following exception:

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

After seeing this error, adding the following code to the <%@ Page %> section of the page solved the problem.