简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > C#.Net Tutorial > body text

Solve the 'potentially dangerous Request.Form value detected from the client' error in asp.net

伊谢尔伦
Release: 2016-11-24 16:15:11
Original
1128 people have browsed it

When submitting the form, asp.net prompts: "A potentially dangerous Request.Form value was detected from the client (...)". The request validation feature in asp.net provides a certain level of protection against XSS attacks. The request validation in asp.net is enabled by default. This gives solutions for various versions of .net.

  Usual solution for asp.net 2.0

Solution 1:

Add ValidateRequest="false" to the page item in the .aspx file, as follows:

 <%@ Page ValidateRequest="false" Language="C#" AutoEventWireup="true" CodeFile="test2.aspx.cs" Inherits="test2" %>

Option 2:

Modify the web.config configuration file 

 <system.web> 
      <pages validateRequest="false" >   
      </pages>   
  </system.web>
Copy after login

Summary: validateRequest This sentence we know is to turn off verification, and This means that ASP.NET will not report an error when submitting values ​​with tags such as bold. It is recommended to use option one here, because the option only modifies the test.aspx page; and if you use option two, the entire solution will become ValidateRequest="false".

 Asp.net 4.0 solution

 The method for 4.0 and 2.0 is the same, but it should be noted that starting from .Net Framework 4.0, asp.net begins to forcefully detect Request parameter security, and we can restore 2.0 by modifying Web.config version of the model.

 The method is as follows:

 Modify Web.config and add the requestValidationMode="2.0" attribute value

 <system.web>
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false"></pages>
  </system.web>
Copy after login

 There is an additional requestValidationMode in 4.0. What does this mean?

  requestValidationMode has two values:

2.0 only enables request validation for web pages. Whether enabled or disabled depends on validateRequest.

4.0 Default. Any HTTP request will enable request verification, which means not only web pages, but also cookies, etc. Enabled now, regardless of validateRequest value.

Since requestValidationMode="4.0" is forcibly enabled, we will find that request validation cannot be turned off in .NET Framework 4.0 just by setting validateRequest. We must also set requestValidationMode to 2.0.


Related labels:
asp.net
source:php.cn
Previous article:Three serialization methods in C# Next article:Three ways to determine the type of uploaded files in asp.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Retrieve WordPress Photo' value to be placed in custom php page I need to create a WordPress website from existing HTML (more specifically from an asp.net...
From 2024-04-02 19:13:12
0
1
296
Uncheck specific rows in Kendo Grid select column in ASP.NET MVC using JavaScript and jQuery: Step-by-step guide I have a KendoGrid in my ASP.NETMVC5 project. One of the columns is a select column and I ...
From 2024-03-30 17:18:30
0
1
376
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!