A potentially dangerous Request.Form
Anyone know why I am getting the following error? I have debugging enabled.
Server Error in \'/\' Application.
---------------------------------------------
-
i have ajax request with formdata so it has worked while using unvalidated keyword before retrieving data from the request. So you can try this way with tinymce text data here you don't need to modify your web config file also. my code is give below:
var data=Request.Unvalidated.Form["Key_word"];讨论(0) -
If this is an MVC application you can apply this attribute on
Controller Actionlevel to ignore input validation:[ValidateInput(false)]
讨论(0) -
I had to go hunting a little within my
web.configfile, specifically within thesystem.webxml section, to find where I could update the<pages>directives... as you noted. As soon as I added thevalidateReqest = "false"attribute to the pages directive withinweb.configfile, it made everything whole again.In my particular case, it is NOT on a production server however and this is not 'production' level code either. It's a private local server, with me only as the sole user in the environment so that makes me feel better about updating that setting. As below:
<system.web> <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" validateRequest="false" /> </system.web>讨论(0) -
In the web.config file, within the tags, insert the httpRuntime element with the attribute requestValidationMode="2.0". Also add the validateRequest="false" attribute in the pages element.
<configuration> <system.web> <httpRuntime requestValidationMode="2.0" /> <pages validateRequest="false" /> </system.web> </configuration>讨论(0) -
The post contains HTML elements (the
<p>tag, in your case) - this can be indication of a cross site scripting attack, which is why asp.net does not allow it by default.You should either HTML encode before submitting (best practice), or disable the warning and potentially expose yourself to XSS.
讨论(0) -
Place
[AllowHtml]attribute in your model.讨论(0)
加载中...
- 热议问题