A potentially dangerous Request.Form value was detected from the client

刺人心 2020-11-21 05:24

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don't want to go

30 answers
  •  不思量自难忘°
    2020-11-21 05:34

    I guess you could do it in a module; but that leaves open some questions; what if you want to save the input to a database? Suddenly because you're saving encoded data to the database you end up trusting input from it which is probably a bad idea. Ideally you store raw unencoded data in the database and then encode every time.

    Disabling the protection on a per page level and then encoding each time is a better option.

    Rather than using Server.HtmlEncode you should look at the newer, more complete Anti-XSS library from the Microsoft ACE team.
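
The difference between encoding on input and encoding on output, as an added example that is not part of the answer above. The in-memory list and the method names are hypothetical, the inputs are constructed, and `System.Net.WebUtility.HtmlEncode` stands in for whichever encoder is used (the answer recommends the Anti-XSS library).

```csharp
using System;
using System.Collections.Generic;
using System.Net; // WebUtility.HtmlEncode is part of the framework

static class EncodeOnOutputDemo
{
    // Hypothetical stand-in for the database table.
    static readonly List<string> Comments = new List<string>();

    // Pattern A: encode once on the way in, then trust whatever is stored.
    static void SaveEncoded(string input) => Comments.Add(WebUtility.HtmlEncode(input));
    static string RenderTrusting(string stored) => "<p>" + stored + "</p>";

    // Pattern B: store exactly what the user typed, encode at every output.
    static void SaveRaw(string input) => Comments.Add(input);
    static string RenderEncoding(string stored) => "<p>" + WebUtility.HtmlEncode(stored) + "</p>";

    static void Main()
    {
        // Constructed input with the characters that trip request validation.
        string viaForm = "if a < b then <b>bold</b>";
        // Constructed row that reached the table by another path (bulk import,
        // admin tool) and therefore never passed through SaveEncoded.
        string viaImport = "<script>alert(1)</script>";

        Comments.Clear();
        SaveEncoded(viaForm);
        Comments.Add(viaImport);
        Console.WriteLine("Pattern A (encode on input, trust the database):");
        foreach (var c in Comments) Console.WriteLine("  " + RenderTrusting(c));
        // The imported row is written into the page as live markup.

        Comments.Clear();
        SaveRaw(viaForm);
        Comments.Add(viaImport);
        Console.WriteLine("Pattern B (store raw, encode on output):");
        foreach (var c in Comments) Console.WriteLine("  " + RenderEncoding(c));
        // Both rows are written as inert text, and the stored value can still
        // be reused unchanged for non-HTML outputs (plain-text e-mail, CSV).
    }
}
```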
