A potentially dangerous Request.Form value was detected from the client

前端 未结 30 2222
刺人心
刺人心 2020-11-21 05:24

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don\'t want to go

30条回答
  •  不思量自难忘°
    2020-11-21 05:34

    I guess you could do it in a module; but that leaves open some questions; what if you want to save the input to a database? Suddenly because you're saving encoded data to the database you end up trusting input from it which is probably a bad idea. Ideally you store raw unencoded data in the database and the encode every time.

    Disabling the protection on a per page level and then encoding each time is a better option.

    Rather than using Server.HtmlEncode you should look at the newer, more complete Anti-XSS library from the Microsoft ACE team.

提交回复
热议问题