dotnet中为了安全起见,缺省不允许提交带尖括号的文本,防止提交脚本,出现安全问题。当提交这种文本时,出现下面的错误:
A potentially dangerous Request.Form value was detected from the client (tbFrom=”“zhouhh”ablo_zhou@163.com”).
**Description: **Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
**Exception Details: **System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (tbFrom=”“zhouhh”ablo_zhou@163.com”).
这可以有两种解决办法。1种,就是牺牲安全性,在Web.Config中加入一行:
这当然不是终极解决办法。
另一种,就是用Server.UrlEncode(“text”), Server.UrlDecode(“text”);
如非注明转载, 均为原创. 本站遵循知识共享CC协议,转载请注明来源
