discuz ASP.NET 4.0验证请求 A potentially dangerous Request.Form value was detected from the client
2012-05-07 19:42
423 查看
服务器系统使用Windows 2003,ASP.NET 4.0,Discuz.Net版本
发表新贴子报错如下:
Description:
Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To
allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value,
you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information,
see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (topicsubmit="<SPAN>发表帖子</SPAN>").
当你在安装了.NET Framework 4.0以上版本后,当你的应用程序以.NET Framework 4.0为框架版本,你的任意服务器请求,都将被进行服务器请求验证(ValidationRequest),这不仅包括ASP.NET,同时也包括Web Services等各种HTTP请求,不仅仅针对aspx页面,也针对HTTP Handler,HTTP Module等,因为这个验证(Valify)的过程,将会发生在BeginRequest事件之前。
基于以上原理,在ASP.NET之前的版本中,请求验证也是默认开通的,但是发生在页面级(aspx)的,并且只在请求执行的时候生效,因此,在旧的版本中,我们只需要按以下方式配置即可:
在页面级别(aspx中)设置
ValidateRequest="false"
或者
在全局级别(Web.config中)设置
<configuration>
<system.web>
<pages validateRequest="false">
但是,以上设置仅对ASP.NET4.0以上有效。在ASP.NET4.0版本上,我们需要更多一行的配置:
在全局级别(Web.config中)设置
<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0">
这一点其实在发生错误的页面中已经有说明了。在实际使用过程中,不仅如此,而且我发现requestValidationMode只要设置成小于4.0就可以,比如:1.0,2.0,3.0,3.9都是可以的,错误提示中指明用2.0,目的只是说明用ASP.NET 2.0的默认方式进行工作。
发表新贴子报错如下:
Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client (topicsubmit="<SPAN>发表帖子</SPAN>").Description:
Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To
allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value,
you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information,
see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (topicsubmit="<SPAN>发表帖子</SPAN>").
当你在安装了.NET Framework 4.0以上版本后,当你的应用程序以.NET Framework 4.0为框架版本,你的任意服务器请求,都将被进行服务器请求验证(ValidationRequest),这不仅包括ASP.NET,同时也包括Web Services等各种HTTP请求,不仅仅针对aspx页面,也针对HTTP Handler,HTTP Module等,因为这个验证(Valify)的过程,将会发生在BeginRequest事件之前。
基于以上原理,在ASP.NET之前的版本中,请求验证也是默认开通的,但是发生在页面级(aspx)的,并且只在请求执行的时候生效,因此,在旧的版本中,我们只需要按以下方式配置即可:
在页面级别(aspx中)设置
ValidateRequest="false"
或者
在全局级别(Web.config中)设置
<configuration>
<system.web>
<pages validateRequest="false">
但是,以上设置仅对ASP.NET4.0以上有效。在ASP.NET4.0版本上,我们需要更多一行的配置:
在全局级别(Web.config中)设置
<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0">
这一点其实在发生错误的页面中已经有说明了。在实际使用过程中,不仅如此,而且我发现requestValidationMode只要设置成小于4.0就可以,比如:1.0,2.0,3.0,3.9都是可以的,错误提示中指明用2.0,目的只是说明用ASP.NET 2.0的默认方式进行工作。
相关文章推荐
- 解决ASP.NET 4.0 "A potentially dangerous Request.Form value was detected from the client". 错误
- 自己留存:小经验在asp.net 4.5或者asp.net mvc 5解决A potentially dangerous Request.Form value was detected from the client
- 处理asp.net出现A potentially dangerous Request.Form value was detected from the client
- MVC 请求参数中带有HTML会引发Validation异常 ("A potentially dangerous Request.Form value was detected from the client")
- 【asp.net mvc】A potentially dangerous Request.Path value was detected from the client(检测到客户端有潜在危险的Request.Path值)
- .net 4.0 A potentially dangerous Request.Form value was detected from the client 的解决方案
- 解决.Net 4.0 A potentially dangerous Request.Form value was detected from the client 异常
- 解决.Net 4.0 A potentially dangerous Request.Form value was detected from the client 异常
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client 的处理
- A potentially dangerous Request.Form value was detected from the client问题处理
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client 的解决方法
- A potentially dangerous Request.Form value was detected from the client
- 错误解决:[A potentially dangerous Request.Form value was detected from the client (warning="卡Ć..."). ]
- A potentially dangerous Request.Form value was detected from the client
- A potentially dangerous Request.Form value was detected from the client (txtTest="").
- 出现错误‘A potentially dangerous Request.Form value was detected from the client’的解决方案