ASP.net 危险提交错误
当我尝试运行论坛页面时:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
在我的 web.config 中我有:
<pages validateRequest="false" smartNavigation="false">
在实际页面上我也有:
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" MasterPageFile="~/MasterPages/Main.master" %>
但它一直抛出此错误!
编辑
我用以下方法修复了它:
<httpRuntime requestValidationMode="2.0" />
但是它有什么作用以及为什么它有效?
When I try and run a forum page:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
In my web.config I have:
<pages validateRequest="false" smartNavigation="false">
And on the actual page I also have:
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" MasterPageFile="~/MasterPages/Main.master" %>
But it keeps throwing this error!
Edit
I fixed it with:
<httpRuntime requestValidationMode="2.0" />
But what's that do and why does it work?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
发生此错误的原因是提交的表单或查询字符串中的某些内容对于 ASP.NET 中的验证来说看起来很危险。
通过添加,
您可以放松应用于 ASP.NET 2 标准的验证。
我想说,尝试准确地找出它在表单/查询字符串中所反对的内容,比仅仅放松验证要好得多。这种严格的验证是为了保护您和您的用户,不应轻易放松。
最近,当我们升级到 ASP.NET MVC3(从版本 2)时,我在我正在从事的一个项目中遇到了这个问题。在我们的例子中,它实际上突出了一个问题,即我们在无意中对查询字符串进行了 url 编码(即,包括问号和与号在内的整个查询字符串都在不应该进行的情况下进行了 url 编码)。
无论您的原因是什么,如果可能的话,请寻找根本原因,而不是放松验证。
This error occurs because something in the submitted form, or in the querystring, looked dangerous to the validation in ASP.NET.
By adding
you are relaxing the validation that is applied back to the standards of ASP.NET 2.
I would say you are far better off trying to work out exactly what it objects to in your form/querystring than just relaxing the validation. This tightened validation is there to protect you and your users, and shouldn't be relaxed lightly.
I have recently hit this on a project I am working on when we upgraded to ASP.NET MVC3 (from version 2). In our case it actually highlighted an issue whereby we were urlencoding our querystring when we didn't mean to (i.e. the entire quertstring including the question mark and the ampersands was all getting url encoded when it shouldn't be).
Whatever your reason, look for the root cause rather than relax the validation if it is at all possible.
提交的文本中可能有标记。 http://www.asp.net/learn/whitepapers/aspnet4/writing-changes
There was probably markup in the submitted text. http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes