当我尝试发布任何包含 <whatever> 的东西时,我得到了
从客户端检测到潜在危险的Request.Form值说明:请求验证已检测到潜在危险的客户端输入值,并且请求的处理已中止 . 此值可能表示尝试破坏应用程序的安全性,例如跨站点脚本攻击 . 要允许页面覆盖应用程序请求验证设置,请将httpRuntime配置部分中的requestValidationMode属性设置为requestValidationMode =“2.0” . 示例: . 设置此值后,您可以通过在Page指令或配置部分中设置validateRequest =“false”来禁用请求验证 . 但是,强烈建议您的应用程序在这种情况下明确检查所有输入 . 有关详细信息,请参阅http://go.microsoft.com/fwlink/?LinkId=153133 . 异常详细信息:System.Web.HttpRequestValidationException:从客户端检测到潜在危险的Request.Form值
我有以下asp.net代码
<asp:DetailsView ID="newsDetail" runat="server" DataSourceID="SqlDataSourceNews"
AutoGenerateRows="False" DataKeyNames="id"
OnItemUpdating="NewsDetailItemUpdating" OnItemCreated="NewsDetailItemCreated"
OnItemDeleted="NewsDetailItemDeleted" OnItemInserted="NewsDetailItemInserted"
OnItemInserting="NewsDetailItemInserting" OnItemUpdated="NewsDetailItemUpdated"
DefaultMode="Insert">
<Fields>
<asp:TemplateField FooterText="show at statpage" HeaderText="view" SortExpression="view">
...
</asp:TemplateField>
<asp:BoundField DataField="headline" HeaderText="Headline" SortExpression="headline">
</asp:BoundField>
<asp:TemplateField HeaderText="Text">
<ItemTemplate>
<asp:Label ID="post" runat="Server" Text='<%# Eval("post") %>' OnPreRender="PostLabelPreRender" />
</ItemTemplate>
<InsertItemTemplate>
<asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
Width="500px" Height="300px" />
</InsertItemTemplate>
<EditItemTemplate>
<asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
Width="500px" Height="300px" />
</EditItemTemplate>
</asp:TemplateField>
和代码
protected void NewsDetailItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
// Iterate though the values entered by the user and HTML encode
// the values. This helps prevent malicious values from being
// stored in the data source.
for (int i = 0; i < e.NewValues.Count; i++)
if (e.NewValues[i] != null)
e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
}
protected void NewsDetailItemInserting(object sender, DetailsViewInsertEventArgs e)
{
for (int i = 0; i < e.Values.Count; i++)
if (e.Values[i] != null)
e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
}
protected void NewsDetailItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemInserted(object sender, DetailsViewInsertedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemDeleted(object sender, DetailsViewDeletedEventArgs e)
{
newsList.DataBind();
}
protected void NewsDetailItemCreated(object sender, EventArgs e)
{
newsList.DataBind();
}
2 回答
您遇到的问题是,在您的一个文本框中,您放置了html标记或只是<>符号,而.net框架将其视为潜在的危险脚本 . 这是为了防止人们在输入字段中放入恶意脚本标记 .
您可以通过放入您的页面指令
ValidateRequest="false"解决此问题,您还必须放入您的web.configrequestValidationMode="2.0"试试这个web.config文件添加或设置httpRuntime requestValidationMode为