A potentially dangerous Request.Form value was detected from the client

刺人心 2020-11-21 05:24

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don't want to go

30 answers
  •  旧时难觅i
    2020-11-21 05:42

    For ASP.NET 4.0, you can allow markup as input for specific pages instead of the whole site by putting it all in a <location> element. This will make sure all your other pages are safe. You do NOT need to put ValidateRequest="false" in your .aspx page.

    
    It is safer to control this inside your web.config, because you can see at a site level which pages allow markup as input.

    You still need to programmatically validate input on pages where request validation is disabled.
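
The per-page configuration described in the answer above, as an added example that is not the answerer's own markup. The page path Admin/EditPost.aspx and the compilation element are assumptions made for illustration; the site-wide form is shown commented out for contrast.

```xml
<?xml version="1.0"?>
<configuration>

  <!--
    Weak, site-wide form (shown only for contrast, left commented out):
    placing these two settings in the root <system.web> switches request
    validation off for every page in the application.

    <system.web>
      <pages validateRequest="false" />
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  -->

  <system.web>
    <!-- Root settings: request validation stays on, which is the default. -->
    <compilation targetFramework="4.0" />
  </system.web>

  <!-- Scoped form: only the page named in "path" accepts markup.
       "Admin/EditPost.aspx" is a hypothetical path chosen for this example. -->
  <location path="Admin/EditPost.aspx">
    <system.web>
      <!-- Request validation is turned off for this one page. -->
      <pages validateRequest="false" />
      <!-- ASP.NET 4.0 validates requests before page settings are read;
           mode 2.0 restores page-level control so the line above applies. -->
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

</configuration>
```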
