ASP.NET 4.0验证请求 A potentially dangerous Request.Form value was detected from the client (ctl00$MainC...

最新推荐文章于 2019-07-31 22:42:01 发布
最新推荐文章于 2019-07-31 22:42:01 发布
阅读量97 收藏
点赞数
原文链接:http://www.cnblogs.com/caicainiao/archive/2010/01/14/1647269.html
版权

A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtCode="<code></code>").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtCode="<code></code>").
Version Information: Microsoft .NET Framework Version:4.0.21006; ASP.NET Version:4.0.21006.1

 

在安装了Visual Studio 2010 Beta2之后,当页面输入框默认情况下输入“<”或者“>”的时候。按照访问策略,这将导致一些安全问题,诸如:跨站脚本攻击(cross-site scripting attack)。而这个问题的更准确描述则是,当你在安装了.NET Framework 4.0以上版本后,当你的应用程序以.NET Framework 4.0为框架版本,你的任意服务器请求,都将被进行服务器请求验证(ValidationRequest),这不仅包括ASP.NET,同时也包括Web Services等各种HTTP请求,不仅仅针对aspx页面,也针对HTTP Handler,HTTP Module等,因为这个验证(Valify)的过程,将会发生在BeginRequest事件之前。

基于以上原理,在ASP.NET之前的版本中,请求验证也是默认开通的,但是发生在页面级(aspx)的,并且只在请求执行的时候生效,因此,在旧的版本中,我们只需要按以下方式配置即可:

在页面级别(aspx中)设置
ValidateRequest="false"
或者
在全局级别(Web.config中)设置
<configuration>
    <system.web>
        <pages  validateRequest="false">

但是,以上设置仅对ASP.NET4.0以上有效。在ASP.NET4.0版本上,我们需要更多一行的配置:

在全局级别(Web.config中)设置
<configuration>
    <system.web>
        <httpRuntime  requestValidationMode="2.0">

这一点其实在发生错误的页面中已经有说明了。在实际使用过程中,不仅如此,而且我发现requestValidationMode只要设置成小于4.0就可以,比如:1.0,2.0,3.0,3.9都是可以的,错误提示中指明用2.0,目的只是说明用ASP.NET 2.0的默认方式进行工作。

转载于:https://www.cnblogs.com/caicainiao/archive/2010/01/14/1647269.html

dingdingshinie1008
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
asp.net4.0框架下验证机制失效的原因及处理办法
01-20
ASP.NET请求验证功能为我们提供应用程序的安全保证,避免站点受到XSS跨站脚本攻击。...但是在ASP.NET 4.0框架下,你会发现,即使你这样做,仍然会提示你这样的一个异常“A potentially dangerous Request.Form v
ASP.NET.Web.API.and.Angular.2.17864
10-17
Learn how to design Single Page Applications (SPAs) with the latest versions of the popular frameworks Angular 2 and ASP.NET Web API An explicit focus on understanding how the two tools fit together ...
ASP.NET 4.0验证请求(更新)<-加入Google Wave一起讨论!
weixin_33713707的博客
10-31 107
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtCode="&lt;code&gt;&lt;/code&gt;"). Description: Request Validation has detected a potentially dangerous ...
A potentially dangerous Request.Form value was detected from the client
y_h_t的专栏
01-15 748
用户在页面上提交表单到服务器时,服务器会检测到一些潜在的输入风险,例如使用富文本编辑器控件(RichTextBox、FreeTextBox、CuteEditor等)编辑的内容中包含有HTML标记或脚本标记,ASP.NET页面会抛出一个"A potentially dangerous Request.Form value was deceted from the client"的异常。这个是ASP.
ASP.NET 4.0 页面 ValidateRequest="false" 失效不起作用
weixin_30426065的博客
03-14 119
ASP.NET 2.0升级到 ASP.NET 4.0后,页面的 ValidateRequest=”false” 不起作用. 因为 ASP.NET 4.0 请求验证被提前到IHttpHandler.BeginRequest这个方法之前,所有进入ASP.NET请求都将会被进行请求内容合法性的验证,而这一合法性验证将由 web.config 文件中 validateReq...
网页报错:A potentially dangerous Request.Form value was detected from the client
weixin_30650039的博客
07-31 253
在.net中,Request时出现有HTML或Javascript等字符串时,系统会认为是危险性值,立马报错。现提供以下两种解决方案,供参考: 解决方案一: 在.aspx文件头中加入这句: <%@ Page validateRequest="false" %> 解决方案二: 修改web.config文件: <configuration> <system...
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$DetailsView1$TextBox2="<a href='http:
Summeralick的专栏
03-16 1093
<br />错误提示:<br /> A potentially dangerous Request.Form value was detected from the client.<br />由于在.net中,Request时出现有HTML或Javascript等字符串时,系统会认为是危险性值。立马报错。<br />解决方案一: <br />在.aspx文件头中加入这句: <br /><%@ Page validateRequest="false" %><br />解决方案二: <br />修改web.co
论文研究-Symbol Error Rate of Dual-hop Cooperative Communication Systems with Arbitrary Regenerative Relays.pdf
08-16
Symbol Error Rate of Dual-hop Cooperative Communication Systems with Arbitrary Regenerative Relays,徐峰,岳殿武,This paper presents an investigation on dual-hop ... Potentially relay nodes which can su
a project model for the FreeBSD Project.7z
08-21
A project model for the FreeBSD Project Niklas Saers Copyright © 2002-2005 Niklas Saers [ Split HTML / Single HTML ] Table of Contents Foreword 1 Overview 2 Definitions 2.1. Activity 2.2. Process ...
A PACKING GENERATION SCHEME FOR THE GRANULAR.pdf
10-07
The packing program was coded based on a newly proposed scheme which obeys the no interpenetration kinematics of solid bodies. New contact detection algorithms for any two ellipsoids in the packing ...
金蝶K3 PLM V13.1_用户手册_变更管理
07-07
金蝶K3 PLM V13.1_用户手册_变更管理
<pages validateRequest="false"/>在.net4.0中无效的问题
weixin_30657541的博客
06-12 104
再web.config中设置<pages validateRequest="false"/>在.net4.0中无效的问题 解决方案: <system.web> <httpRuntime requestValidationMode="2.0"/> <pages validateRequest="false...
ASP.net 4.0嵌入Ckeditor 3.5 报错A potentially dangerous Request.Form value was detected from the client 的解决办法
东亮博客
03-29 3349
<br />新发布的版本Ckeditor3.5 嵌入到 ASP.net 4.0 页面时报错如下:<br /><br />--------------------------------------------------------------------------------<br /><br />Server Error in '/' Application. <br />-----------------------------------------------------------------
错误解决:[A potentially dangerous Request.Form value was detected from the client]
大伟先生
02-18 1225
错误提示: 从客户端(TextBox1=" A potentially dangerous Request.Form value was detected from theclient (txtTest="").由于在.net中,Request时出现有HTML或Javascript等字符串时,系统会认为是危险性值。立马报错。 解决方案一: 在.aspx文件头中加入这句: <%@ Page
org.springfraneaorn.security web.fireall.RequestRejectedException:The request was rejected because the UAL contained a potentially malicious String "//"
最新发布
07-14
它表示请求被拒绝,因为 URL 中包含了一个潜在恶意的字符串 "//"。这是一种常见的安全漏洞攻击方式,被视为可能引发路径遍历或目录穿越等问题的风险。 为了解决这个问题,你可以考虑以下几个方案: 1. 验证用户...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值