当我试图发布任何包含<whatever>我得到的东西时
从客户端检测到潜在危险的Request.Form值说明:请求验证已检测到潜在危险的客户端输入值,并且请求的处理已中止.此值可能表示尝试破坏应用程序的安全性,例如跨站点脚本攻击.要允许页面覆盖应用程序请求验证设置,请将httpRuntime配置部分中的requestValidationMode属性设置为requestValidationMode ="2.0".示例:.设置此值后,您可以通过在Page指令或配置部分中设置validateRequest ="false"来禁用请求验证.但是,强烈建议您的应用程序在这种情况下明确检查所有输入.有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=153133.
异常详细信息:System.Web.HttpRequestValidationException:从客户端检测到潜在危险的Request.Form值
我有以下asp.net代码
<asp:DetailsView ID="newsDetail" runat="server" DataSourceID="SqlDataSourceNews"
AutoGenerateRows="False" DataKeyNames="id"
OnItemUpdating="NewsDetailItemUpdating" OnItemCreated="NewsDetailItemCreated"
OnItemDeleted="NewsDetailItemDeleted" OnItemInserted="NewsDetailItemInserted"
OnItemInserting="NewsDetailItemInserting" OnItemUpdated="NewsDetailItemUpdated"
DefaultMode="Insert">
<Fields>
<asp:TemplateField FooterText="show at statpage" HeaderText="view" SortExpression="view">
...
</asp:TemplateField>
<asp:BoundField DataField="headline" HeaderText="Headline" SortExpression="headline">
</asp:BoundField>
<asp:TemplateField HeaderText="Text">
<ItemTemplate>
<asp:Label ID="post" runat="Server" Text='<%# Eval("post") %>' OnPreRender="PostLabelPreRender" />
</ItemTemplate>
<InsertItemTemplate>
<asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
Width="500px" Height="300px" />
</InsertItemTemplate>
<EditItemTemplate>
<asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
Width="500px" Height="300px" />
</EditItemTemplate>
</asp:TemplateField>
和代码
protected void NewsDetailItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
// Iterate though the values entered by the user and HTML encode
// the values. This helps prevent malicious values from being
// stored in the data source.
for (int i = 0; i < e.NewValues.Count; i++)
if (e.NewValues[i] != null)
e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
}
protected void NewsDetailItemInserting(object sender, DetailsViewInsertEventArgs e)
{
for (int i = 0; i < e.Values.Count; i++)
if (e.Values[i] != null)
e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
}
protected void NewsDetailItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemInserted(object sender, DetailsViewInsertedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemDeleted(object sender, DetailsViewDeletedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemCreated(object sender, EventArgs e)
{
newsList.DataBind();
}
您遇到的问题是,在您的一个文本框中,您放置了html标记或只是<>符号,而.net框架将其视为潜在的危险脚本.这是为了防止人们在输入字段中放入恶意脚本标记.
你可以通过输入你的页面指令解决这个问题,ValidateRequest="false"你也必须将它放在你的web.config中requestValidationMode="2.0"
| 归档时间: |
|
| 查看次数: |
8403 次 |
| 最近记录: |