Potentially dangerous Request.Form value was detected from the client

核能气质少年 提交于 2019-12-21 04:48:08

问题


I am running an ASP.Net MVC application and facing the following error. As I am new to ASP.Net, could someone please help me as to what does it mean and how can I resolve it?

I tried googling to understand it, but found different answers for the same error which left me more confused.

Exception caught in Global.asax:System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$WarningCtl1$TXTWarningText="

This is the warni..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.app_config_appttypes_groupappttypes_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Please suggest.


回答1:


You need to add the ValidateInputAttribute to your controller (which applies it to all of your action methods for that controller, so be careful):

[ValidateInput (false)]
public class MyController : Controller { ... }

Or your action method:

public class MyOtherController : Controller
{
    [ValidateInput (false)]
    public ActionResult MyActionMethod (MyObjectThatTakesInHtml myObject)
    { ... }
}

Edit

As @dotjoe pointed out, and I forgot to mention, you also have access to the AllowHtmlAttribute (found in System.Web.Mvc) on a property in your model.

public class MyObjectThatTakesInHtml
{
    [AllowHtml]
    public string MyHtmlProperty { get; set; }
}



回答2:


  • Encode at client level and decode it in Server Level

Steps

1.Post the form using jquery submit method.

in jquery button click event method encode field that you want to post to server. example

$("#field").val(encodeURIComponent($("#field").val())) $("#formid").submit();

In Controller Level access all form id value using

HttpUtility.UrlDecode(Request["fieldid"])

Make sure controller method dont have parameter.




回答3:


MVC

Added attribute to action [ValidateInput(false)]

and confirm web.config setting in system.web



来源:https://stackoverflow.com/questions/10838606/potentially-dangerous-request-form-value-was-detected-from-the-client

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!