处理潜在危险的查询字符串
我的项目实现搜索(从默认 HTML 页面)并将重定向到搜索页面(ASPX 页面),并且我使用查询字符串来传递搜索值。当语言设置为非英语(例如泰语、西里尔语)时,我收到潜在危险的Request.QueryString value服务器错误。
有什么办法可以从客户端处理这个问题吗?目前我无法找到从页面本身处理此问题的方法(Page_Load,Page_PreInit 未触发)。
这是我用于重定向的代码:
function Search() {
var searchString = document.getElementById('txtSearch').value;
location.href = "/Search.aspx?search=" + searchString;
}
My project implements search (from default HTML page) and will redirect to the search page (ASPX page) and I'm using query string to pass the search value. I'm getting potentially dangerous Request.QueryString value server error when language is set to non-english (e.g. thai, cyrillic).
Is there any way to handle this from client side? Currently I can't find a way to handle this from the page itself (Page_Load, Page_PreInit isn't triggering).
Here's the code I used for redirecting:
function Search() {
var searchString = document.getElementById('txtSearch').value;
location.href = "/Search.aspx?search=" + searchString;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
将
validateRequest="false"添加到您的 .Net Page 或 Web.config 文件,或者
您可以对您的 url 变量进行编码,添加
encodeURIComponent:Adding
validateRequest="false"to you .Net Page or Web.config fileOR
you can encode your url vars, adding
encodeURIComponent:如果您的数据看起来大致像代码,您可能必须禁用此验证;但是您需要真正确定您的代码处理,特别是避免 XSS 和 SQL 注入攻击。您应该能够在 aspx
validateRequest=false中设置以在每个页面上禁用:或者如果您在任何地方都需要它,则可以在 web.config 中全局禁用。
If your data is going to look roughly like code you may well have to disable this validation; but then you need to be really sure about your code handling, in particular avoiding XSS and SQL injection attacks. You should be able to set in the aspx
validateRequest=falseto disable on a per-page basis:or globally in the web.config if you need this everywhere.