A potentially dangerous Request.Form value was detected from the client

前端 未结 30 2234
刺人心
刺人心 2020-11-21 05:24

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don\'t want to go

30条回答
  •  被撕碎了的回忆
    2020-11-21 05:40

    Cause

    ASP.NET by default validates all input controls for potentially unsafe contents that can lead to cross-site scripting (XSS) and SQL injections. Thus it disallows such content by throwing the above exception. By default it is recommended to allow this check to happen on each postback.

    Solution

    On many occasions you need to submit HTML content to your page through Rich TextBoxes or Rich Text Editors. In that case you can avoid this exception by setting the ValidateRequest tag in the @Page directive to false.

    <%@ Page Language="C#" AutoEventWireup="true" ValidateRequest = "false" %>
    

    This will disable the validation of requests for the page you have set the ValidateRequest flag to false. If you want to disable this, check throughout your web application; you’ll need to set it to false in your web.config section

    
    

    For .NET 4.0 or higher frameworks you will need to also add the following line in the section to make the above work.

    
    

    That’s it. I hope this helps you in getting rid of the above issue.

    Reference by: ASP.Net Error: A potentially dangerous Request.Form value was detected from the client

提交回复
热议问题