zoukankan      html  css  js  c++  java
  • 解决在.NET 4.0下无法发送包含尖括号等请求的问题

      今天在做一个简单的数据添加时,使用jQuery的ajax的post操作,发现如果包含尖括号等html格式数据的请求无法发给服务端。 

      以往的做法就是在页面中或web.config中的pages节点中增加属性validateRequest="false"或者在具体页面中

    ValidateRequest="false"增加就可以了。但配置了之后发现还是不行。

      在错误描述中可以看出,在.NET 4.0中,需要在webconfig中的httpRuntime配置节中增加属性 requestValidationMode="2.0"。问题解决了。

    A potentially dangerous Request.Form value was detected from the client (ProjectName="<script>alert('');</...").

    Description:Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.


    是不是因为corss-site scripting attack日渐猖獗,所以微软才在.NET 4.0中强制进行请求验证呢?还请高人解答。

  • 相关阅读:
    在windows下如何批量转换pvr,ccz为png或jpg
    cocos2d-x 中的 CC_SYNTHESIZE 自动生成 get 和 set 方法
    制作《Stick Hero》游戏相关代码
    触摸事件的setSwallowTouches()方法
    随机生成数(C++,rand()函数)
    随机生成数
    cocos2d-x 设置屏幕方向 横屏 || 竖屏
    Joystick 摇杆控件
    兔斯基 经典语录
    Cocos2d-x 3.2 EventDispatcher事件分发机制
  • 原文地址:https://www.cnblogs.com/EddyPeng/p/2658305.html
Copyright © 2011-2022 走看看