当前位置: 代码迷 >> ASP.NET >> :<")中检测到有潜在危险的 Request.Form 值!解决方法
  详细解决方案

:<")中检测到有潜在危险的 Request.Form 值!解决方法

热度:3960   发布时间:2013-02-25 00:00:00.0
:<...")中检测到有潜在危险的 Request.Form 值!
从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。 
说明: 请求验证过程检测到有潜在危险的客户端输入值,对请求的处理已经中止。该值可能指示危及应用程序安全的尝试,如跨站点的脚本攻击。通过在 Page 指令或 配置节中设置 validateRequest=false 可以禁用请求验证。但是,在这种情况下,强烈建议应用程序显式检查所有输入。 

异常详细信息: System.Web.HttpRequestValidationException: 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。

源错误: 


[没有相关的源行]
 

源文件: c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs 行: 0 

堆栈跟踪: 


[HttpRequestValidationException (0x80004005): 从客户端(ctl00$ContentPlaceHolder1$RParameter$ctl04$ParameterValueSelect1$HF1="...d864d0b27c<script type="text/j...")中检测到有潜在危险的 Request.Form 值。]
  System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3308446
  System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108
  System.Web.HttpRequest.get_Form() +119
  System.Web.HttpRequest.get_HasForm() +57
  System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2070529
  System.Web.UI.Page.DeterminePostBackMode() +63
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6978
  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
  System.Web.UI.Page.ProcessRequest() +86
  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
  System.Web.UI.Page.ProcessRequest(HttpContext context) +49
  ASP.manage_productedit_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\36f4fd14\1101a96c\App_Web_qw4d8xwz.26.cs:0
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +303
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

 


--------------------------------------------------------------------------------
版本信息: Microsoft .NET Framework 版本:2.0.50727.832; ASP.NET 版本:2.0.50727.832 

网上有2种解决方案,但是都是临时的,不是很好,因为我想充分考虑防止脚本注入,在这样的情况下,如何解决!

------解决方案--------------------------------------------------------
C# code
private string ReplaceDanger(string str)    {        str = str.Replace(">", "&gt;");        str = str.Replace("<", "&lt;");        char ch;        ch = (char)32;        str = str.Replace(ch.ToString(), "&nbsp;");        ch = (char)34;        str = str.Replace(ch.ToString(), "&quot;");        ch = (char)39;        str = str.Replace(ch.ToString(), "&#39;");        ch = (char)13;        str = str.Replace(ch.ToString(), " ");        ch = (char)10;        str = str.Replace(ch.ToString(), "<br>");        return str;    }
  相关解决方案

代码迷 - 您身边的软件异常,代码异常,编程异常助手(发现,解决,分享)
Copyright © 2009-2013 DAIMAMI.COM. All rights reserved.