A potentially dangerous Request.Form value was detected from the client
2010-06-01 12:23
381 查看
出现问题拉! A potentially dangerous Request.Form value was detected from the client
我在WebConfig和Page中都设置了ValidateRequest="false" ,并且使用HttpUtility.Encode进行编码.依然不管用...
使用的.net Framwork 4
百度了一下:
依然不得其解,晕!
最后在老外的网站上搞定:
In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.
As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:
<httpRuntime requestValidationMode="2.0" />
However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.
我在WebConfig和Page中都设置了ValidateRequest="false" ,并且使用HttpUtility.Encode进行编码.依然不管用...
使用的.net Framwork 4
百度了一下:
依然不得其解,晕!
最后在老外的网站上搞定:
ASP.NET Request Validation
The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.
As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:
<httpRuntime requestValidationMode="2.0" />
However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.
相关文章推荐
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- 错误提示: A potentially dangerous Request.Form value was detected from the client ....
- A potentially dangerous Request.Form value was detected from the client(txtTest="<b>").
- A potentially dangerous Request.Form value was detected from the client
- 处理asp.net出现A potentially dangerous Request.Form value was detected from the client
- 错误解决:[A potentially dangerous Request.Form value was detected from the client (warning="卡Ć..."). ]
- A potentially dangerous Request.Form value was detected from the client
- 解决报错:A potentially dangerous Request.Form value was detected from the client
- 网页报错:A potentially dangerous Request.Form value was detected from the client
- 错误解决:[A potentially dangerous Request.Form value was detected from the client (warning="卡Ć.
- .net 4.0 A potentially dangerous Request.Form value was detected from the client 的解决方案
- discuz ASP.NET 4.0验证请求 A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client (FCKeditor="<img alt="" src=
- A potentially dangerous Request.Form value was detected from the client (txtTest="").