dotnet 如何提交带尖括号的文本?

abloz 2005-06-25
2005-06-25

dotnet中为了安全起见,缺省不允许提交带尖括号的文本,防止提交脚本,出现安全问题。当提交这种文本时,出现下面的错误:

A potentially dangerous Request.Form value was detected from the client (tbFrom=”“zhouhh”ablo_zhou@163.com”).

**Description: **Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

**Exception Details: **System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (tbFrom=”“zhouhh”ablo_zhou@163.com”).

这可以有两种解决办法。1种,就是牺牲安全性,在Web.Config中加入一行:

这当然不是终极解决办法。

另一种,就是用Server.UrlEncode(“text”), Server.UrlDecode(“text”);


如非注明转载, 均为原创. 本站遵循知识共享CC协议,转载请注明来源