危险值 - 请求表
我正在 ASP.NET 2.0 中开发一个应用程序,在一个页面中我使用 FCKEditor。
在某些情况下,当我尝试保存页面内容时,出现异常,提示从客户端检测到潜在危险值 Request.From
(FCKeditor1=" < fck:meta content="t...")。
到目前为止,我无法检测到在哪些特定情况下会出现这种情况(顺便说一句,这种情况怎么可能只发生在某些保存上?)这种情况发生,但我用谷歌搜索了一下并尝试通过将 validateRequest="false" 添加到我的编辑器页面来禁用此页面的验证。 这显然解决了异常,但又提出了另一个问题。 在我的页面上,包含保存代码的按钮无法引起回发。我在代码隐藏的按钮代码的第一行有一个断点,它甚至没有被触发。
这样您就可以了解我的页面的结构,正如我所说,我的页面上有编辑器和一个按钮,单击该按钮即可执行代码以从编辑器检索值并保存它。
编辑:
<FCKeditorV2:FCKeditor HtmlEncodeOutput=true ID="FCKeditor1" runat="server" Height="700px" Width="800px" BasePath=""></FCKeditorV2:FCKeditor >
FCKeditor1.BasePath = EditorPath
FCKeditor1.Value = Line
这基本上就是我在加载页面时所做的事情。设置路径并填写编辑器的值。保存时,我执行相反的操作,检索值并处理字符串。该字符串(在未引发异常的一次中通过断点看到)类似于:
<fck:meta content="text/html; charset=utf-8" http-equiv="Content-Type"><fck:meta content="text/css" http-equiv="Content-Style-Type"><fck:meta name="generator" content="Aspose.Words for .NET 9.6.0.0">
还有更多 html 内容。
到目前为止,这是一个令人烦恼的问题,任何建议或启发将不胜感激。
I am developing an application in ASP.NET 2.0, and in one page i am using a FCKEditor.
In some cases, when i try to save the content of the page i get an exception saying that a potentially dangerous value was detected Request.From from the client
(FCKeditor1=" < fck:meta content="t...").
I couldn't detect so far in which specific cases (btw, how can this occur only on some saves?) this occurs but i googled a bit and tried to disable the validation for this page by adding validateRequest="false" to my editor page.
This apparently solves the exception but raises another question.
With this on my page, the button that contains the saving code fails to cause a postback. I have a breakpoint on the first line of my button code on codebehind and it is not even fired.
So that you understand the structure of my page and as i said, i have the editor on my page and a button that on click executes code to retrieve the value from the editor and saving it.
EDIT:
<FCKeditorV2:FCKeditor HtmlEncodeOutput=true ID="FCKeditor1" runat="server" Height="700px" Width="800px" BasePath=""></FCKeditorV2:FCKeditor >
FCKeditor1.BasePath = EditorPath
FCKeditor1.Value = Line
This is basically what i am doing on the loading of the page. Setting the path and filling the value of the editor. On save, i do the opposite, retrieving the value and processing the string. This string (as seen by a breakpoint in one of the times the exception is not thrown) is something like:
<fck:meta content="text/html; charset=utf-8" http-equiv="Content-Type"><fck:meta content="text/css" http-equiv="Content-Style-Type"><fck:meta name="generator" content="Aspose.Words for .NET 9.6.0.0">
and more html ahead.
This is by far an annoying problem and any sugestion or enlightenment would be highly appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当表单发布值包含尖括号时,通常会触发有关提交潜在危险值的错误。
这里的情况就是这样,因为您似乎正在使用 FCKeditor 来编辑 HTML,因此您将需要
validateRequest="false",就像您已经完成的那样。至于根本不发布的表单,这表明:
'和双引号"一个The error about a potentially dangerous value being submitted is usually triggered when a form post value contains angle brackets.
This is the case here as it looks like you're using the FCKeditor to edit HTML so you'll need the
validateRequest="false"as you've already done.As for the form not posting at all, this points to either:
'and double-quotes"<button />element to submit the form, it needs the propertytype="submit"(that one caught me out last week)