问题
I am running an ASP.Net MVC application and facing the following error. As I am new to ASP.Net, could someone please help me as to what does it mean and how can I resolve it?
I tried googling to understand it, but found different answers for the same error which left me more confused.
Exception caught in Global.asax:System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$WarningCtl1$TXTWarningText="
This is the warni..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.app_config_appttypes_groupappttypes_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Please suggest.
回答1:
You need to add the ValidateInputAttribute to your controller (which applies it to all of your action methods for that controller, so be careful):
[ValidateInput (false)]
public class MyController : Controller { ... }
Or your action method:
public class MyOtherController : Controller
{
[ValidateInput (false)]
public ActionResult MyActionMethod (MyObjectThatTakesInHtml myObject)
{ ... }
}
Edit
As @dotjoe pointed out, and I forgot to mention, you also have access to the AllowHtmlAttribute (found in System.Web.Mvc) on a property in your model.
public class MyObjectThatTakesInHtml
{
[AllowHtml]
public string MyHtmlProperty { get; set; }
}
回答2:
- Encode at client level and decode it in Server Level
Steps
1.Post the form using jquery submit method.
in jquery button click event method encode field that you want to post to server. example
$("#field").val(encodeURIComponent($("#field").val())) $("#formid").submit();
In Controller Level access all form id value using
HttpUtility.UrlDecode(Request["fieldid"])
Make sure controller method dont have parameter.
回答3:
MVC
Added attribute to action [ValidateInput(false)]
and confirm web.config setting in system.web
来源:https://stackoverflow.com/questions/10838606/potentially-dangerous-request-form-value-was-detected-from-the-client