<页validateRequest ="假" />和<的httpRuntime requestValidationMode =" 2.0" />不工作
我继承使用框架4.0 MVC asp.net应用程序。
I've inherited an MVC asp.net app using framework 4.0.
我得到从客户端检测到有潜在危险的Request.Form值可怕的错误,我所有的研究使我相信,这应该修复它:
I'm getting the dreaded "A potentially dangerous Request.Form value was detected from the client" error and all my research leads me to believe that this should fix it:
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
不过,我补充说,我的web.config,仍然得到错误。我在我的绳子结束了,我错过什么?
However, I've added that to my web.config and still get the error. I'm at the end of my rope here, what am I missing?
在除了你做了什么你也有装饰用 ValidateInput
属性,你的方法。
In addition to what you did you also have to decorate your methods with the ValidateInput
attribute.
[ValidateInput(false)]
public ActionResult MyActionMethod(string myParameter)
{
// Method implementation goes here...
}
有一种替代不过,你可以实现自己的请求,验证并绑定在你的web.config,如果你想处理验证为整个网站。看看本博客帖子就如何全面贯彻它。
There is an alternative though, you can implement your own request validator and bind that in your web.config if you want to handle validation for your entire site. Take a look at this blog post on how to fully implement it.
基本上,创建从 RequestValidator
继承一个类,然后把它挂在web.config中。
Basically, create a class that inherits from RequestValidator
and then hook it up on the web.config.
<httpRuntime requestValidationType="Globals.CustomRequestValidation"/>
希望这有助于!