:<")中检测到有潜在危险的 Request.Form 值!解决方法
:<...")中检测到有潜在危险的 Request.Form 值!
从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。
说明: 请求验证过程检测到有潜在危险的客户端输入值,对请求的处理已经中止。该值可能指示危及应用程序安全的尝试,如跨站点的脚本攻击。通过在 Page 指令或 配置节中设置 validateRequest=false 可以禁用请求验证。但是,在这种情况下,强烈建议应用程序显式检查所有输入。
异常详细信息: System.Web.HttpRequestValidationException: 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。
源错误:
[没有相关的源行]
源文件: c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs 行: 0
堆栈跟踪:
[HttpRequestValidationException (0x80004005): 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3308446
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108
System.Web.HttpRequest.get_Form() +119
System.Web.HttpRequest.get_HasForm() +57
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2070529
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6978
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.manage_productedit_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +303
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
--------------------------------------------
版本信息: Microsoft .NET Framework 版本:2.0.50727.832; ASP.NET 版本:2.0.50727.832
网上有2种解决方案,但是都是临时的,不是很好,因为我想充分考虑防止脚本注入,在这样的情况下,如何解决!
------解决方案--------------------
从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。
说明: 请求验证过程检测到有潜在危险的客户端输入值,对请求的处理已经中止。该值可能指示危及应用程序安全的尝试,如跨站点的脚本攻击。通过在 Page 指令或 配置节中设置 validateRequest=false 可以禁用请求验证。但是,在这种情况下,强烈建议应用程序显式检查所有输入。
异常详细信息: System.Web.HttpRequestValidationException: 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。
源错误:
[没有相关的源行]
源文件: c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs 行: 0
堆栈跟踪:
[HttpRequestValidationException (0x80004005): 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3308446
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108
System.Web.HttpRequest.get_Form() +119
System.Web.HttpRequest.get_HasForm() +57
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2070529
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6978
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.manage_productedit_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +303
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
--------------------------------------------
版本信息: Microsoft .NET Framework 版本:2.0.50727.832; ASP.NET 版本:2.0.50727.832
网上有2种解决方案,但是都是临时的,不是很好,因为我想充分考虑防止脚本注入,在这样的情况下,如何解决!
------解决方案--------------------
- C# code
private string ReplaceDanger(string str)
{
str = str.Replace(">", ">");
str = str.Replace("<", "<");
char ch;
ch = (char)32;
str = str.Replace(ch.ToString(), " ");
ch = (char)34;
str = str.Replace(ch.ToString(), """);
ch = (char)39;
str = str.Replace(ch.ToString(), "'");
ch = (char)13;
str = str.Replace(ch.ToString(), " ");
ch = (char)10;
str = str.Replace(ch.ToString(), "<br>");
return str;
}