A potentially dangerous Request.Form value was detected from the client

前端 未结 30 2229
刺人心
刺人心 2020-11-21 05:24

Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.

I don\'t want to go

30条回答
  •  情深已故
    2020-11-21 05:35

    I was getting this error too.

    In my case, a user entered an accented character á in a Role Name (regarding the ASP.NET membership provider).

    I pass the role name to a method to grant Users to that role and the $.ajax post request was failing miserably...

    I did this to solve the problem:

    Instead of

    data: { roleName: '@Model.RoleName', users: users }
    

    Do this

    data: { roleName: '@Html.Raw(@Model.RoleName)', users: users }
    

    @Html.Raw did the trick.

    I was getting the Role name as HTML value roleName="Cadastro bás". This value with HTML entity á was being blocked by ASP.NET MVC. Now I get the roleName parameter value the way it should be: roleName="Cadastro Básico" and ASP.NET MVC engine won't block the request anymore.

提交回复
热议问题