zoukankan      html  css  js  c++  java
  • A potentially dangerous Request.Form value was detected from the client

    A potentially dangerous Request.Form value was detected from the client

    针对这个问题,以前在.net Framework2.0里,只要修改

    <pages validateRequest="false" /> 
    就可以

    但是现在在4.0里,需要修改

    The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.

    In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.

    As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:

    <httpRuntime requestValidationMode="2.0" />

    However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

    这样才对

  • 相关阅读:
    通过 VB5 创建 ActiveX DLL 文件并用 ASP 调用一例
    Autocad VBA初级教程
    自学资料第一集
    Linux虚拟化:10个不得不爱的理由
    EXCEL VBA编程的一些小结
    FAQ 工作薄及工作表
    很重要的EXCEL使用技巧
    Excel VBA编程的常用代码
    VBA生成一个CorelDraw工具栏
    支付宝,网银在线,快钱 3大支付接口的集成与对比,统合实现
  • 原文地址:https://www.cnblogs.com/sdytzz/p/2768823.html
Copyright © 2011-2022 走看看