A potentially dangerous Request.Path value was detected from the client 异常

最新推荐文章于 2019-04-17 14:09:45 发布
最新推荐文章于 2019-04-17 14:09:45 发布
阅读量1w 收藏 2
点赞数
文章标签: asp.net url 面试
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ghj1976/article/details/5701277
版权

我们在ASP.net 4.0 中使用URL导向后, 我们在访问类似如下的地址时 http://wz.csdn.net/yanjinde77/一个面试题!********/,就会报错误: 

A potentially dangerous Request.Path value was detected from the client

at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()  

at System.Web.HttpApplication.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

这是因为上述地址中有*这个特殊字符存在。

如果你想不让ASP.net 替你拦截这些特殊字符,你需要设置如下Web.config的节:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
	<system.web>
		<httpRuntime requestPathInvalidCharacters="" />
	</system.web>
</configuration>

注意其中的requestPathInvalidCharacters 它是一个以逗号分隔的无效字符列表。不设置它时,它默认的无效字符集(以,分割)是后面7个:<,>,*,%,&,:,/

即,不设置这个属性,默认就是如下设置:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
	<system.web>
		<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,/" />
	</system.web>
</configuration>

如果你想这些字符全部不受限制,就应该设置 requestPathInvalidCharacters="" , 如果是部分字符受限制,部分字符不受限制,就需要在 requestPathInvalidCharacters 中设置需要受限制的字符,不受限制的不用设置。

 

参考资料:

Experiments in Wackiness: Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL
http://www.budoou.com/article/981320/

蝈蝈俊
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
A potentially dangerous Request.Form value was detected from the client
taoerchun的专栏
04-25 1883
错误解决:A potentially dangerous Request.Form value was detected from the client 在网站后台插入数据,返回下面的错误:系统检测到有潜在危险的 Request.Form 值。 A potentially dangerous Request.Form value was detected from the client
VS.NET常见错误及解决方法集锦
远方星空
05-04 1426
一.vs.net在新建工程时弹出"Automation 服务器不能创建对象"的解决方案原因是FileSystemObject创建失败的问题,解决的方法:运行Regsvr32 scrrun.dll二. 错误提示: A potentially dangerous Request.Form value was detected from the client (txtTest=""). 由于在.net中
错误解决:[A potentially dangerous Request.Form value was detected from the client]
大伟先生
02-18 1234
错误提示: 从客户端(TextBox1=" A potentially dangerous Request.Form value was detected from theclient (txtTest="").由于在.net中,Request时出现有HTML或Javascript等字符串时,系统会认为是危险性值。立马报错。 解决方案一: 在.aspx文件头中加入这句: <%@ Page
A potentially dangerous Request.Path value was detected from the client异常解决方案
weixin_34332905的博客
05-29 311
场景: 当URL中存在“&lt;,&gt;,*,%,&amp;,:,/”特殊字符时,页面会抛出A potentially dangerous Request.Path value was detected from the client异常。   原因: 是ASP.NET默认的拦截机制,保证页面URL传输的一定安全性。   解决方案有两种: 第一种,直接去除页面请求危险字符验证: ...
从客户端中检测到有潜在危险的 Request.Form 值的解决方法
richnaly的胸怀
06-29 2809
错误信息:  中文信息:  从客户端(FreeTextBox1=" aa...")中检测到有潜在危险的 Request.Form 值。  英文信息:  A potentially dangerous Request.Form value was detected from the client (FreeTextBox1="aa...")    解决方法:  这是.net
尝试围绕“潜在危险的Request.Form”捕获块
04-05
在具体实践中,你可以阅读"try-catch-block-around-A-potentially-dangerous-Req.pdf"文件,它很可能提供了更深入的讲解,包括如何构造有效的try-catch块以及处理特定异常的策略。这个文件应该详细介绍了在处理可能...
a project model for the FreeBSD Project.7z
08-21
A project model for the FreeBSD Project Niklas Saers Copyright © 2002-2005 Niklas Saers [ Split HTML / Single HTML ] Table of Contents Foreword 1 Overview 2 Definitions 2.1. Activity 2.2. Process ...
A PACKING GENERATION SCHEME FOR THE GRANULAR.pdf
10-07
The packing program was coded based on a newly proposed scheme which obeys the no interpenetration kinematics of solid bodies. New contact detection algorithms for any two ellipsoids in the packing ...
Application of a novel IWO to the design of encoding sequences for DNA computing
02-21
Encoding and processing information in DNA-, RNA- and other biomolecule-based devices is an important requirement for DNA based computing with potentially important applications. To make DNA computing...
A potentially dangerous Request.Form value was detected from the client (txtTest="").
东亮博客
03-21 2891
<br /><br />错误提示: <br />A potentially dangerous Request.Form value was detected from the client<br />(txtTest="<b>").<br />由于在.net中,Request时出现有HTML或Javascript等字符串时,系统会认为是危<br />险性值。立马报错。<br />解决方案一: <br />在.aspx文件头中加入这句: <br /><%@ Page validateRequest="fal
出现错误‘A potentially dangerous Request.Form value was detected from the client’的解决方案...
weixin_30731287的博客
12-24 180
在ASP.NET中出现A potentially dangerous Request.Form value was detected from the client错误是因为Request时出现有HTML或Javascript等字符串时,系统会认为是危险性值。解决方案: 在.aspx文件头中加入: <%@ Page validateRequest="false" %>   ...
.net报错----A potentially dangerous Request.Form value was detected from the client
梦悠哉的博客
04-17 2531
问题    .net项目,项目表单里面需要提交带有<strong></strong>或者<br/>这种带有html标签的字符串,提交标签时候就会出现A potentially dangerous Request.Form value was detected from the client错误,如下面截图: 原因   &...
A potentially dangerous Request.Form value was detected from the client问题处理
aqax87143的博客
11-26 165
问题剖析: 用户在页面上提交表单到服务器时,服务器会检测到一些潜在的输入风险,例如使用富文本编辑器控件(RichTextBox、FreeTextBox、CuteEditor等)编辑的内容中包含有HTML标记或脚本标记,ASP.NET页面会 抛出一个"A potentially dangerous Request.Form value was deceted from the c...
【asp.net mvc】A potentially dangerous Request.Path value was detected from the client(检测到客户端有潜在危险的Req...
weixin_33696106的博客
05-20 120
ASP.NET MVC 框架禁止用户提交带有潜在危险性的内容,例如,如果在文本输入框中输入HTML内容,则会报告类似如下的错误: 从客户端(TextBox1="&lt;a&gt;&lt;/a&gt;")中检测到有潜在危险的 Request.Form 值。 这个功能可以减少脚本攻击的可能性,但有时候,又需要允许客户输入HTML内容,如发布文章,又必须禁止请求的验证功能,这个时候,在页面中写...
A potentially dangerous Request Path value was detected from
jfdtygv的博客
11-08 174
A potentially dangerous Request Path value was detected from
The request was rejected because the URL contained a potentially malicious String “;
最新发布
06-14
遇到"The request was rejected because the URL contained a potentially malicious string ‘;’"这样的错误提示,通常意味着服务器检测到了URL中存在可能被视为安全威胁的字符序列。在HTTP请求中,特别是JavaScript或API调用中,URL需要遵循特定的安全规范,以防止注入攻击,比如SQL注入、跨站脚本(XSS)等。 1. URL编码:在某些情况下,分号(;)可能被误识别为特殊字符,需要进行URL编码(%3B),将其转换为安全的十六进制形式。 2. 输入验证:确保用户输入的URL是经过验证的,只允许包含合法的字符和结构,避免恶意修改。 3. 安全策略:检查应用程序的安全配置,如CSP(Content Security Policy),它可以帮助限制加载的内容,以防止恶意URL。 4. 防火墙规则:可能是网络防火墙阻止了包含特殊字符的请求,检查防火墙设置,确认是否误阻。
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值