这个配置.">
25yicms利用ASP.NET(C#)+MSSQL技术全力打造功能最强大的营销型企业网站管理系统,企业做网站系统,做网站软件,提供div+css企业网站模板。
阅读内容

A potentially dangerous Request.Form value was detected from the client问题处理


时间:2013/08/22   来源:cms
程序是framework 2.0版本开发的,由于现在framework已升级为 4.0,为了让程序更安全,所以我在iis上选择程序的运行版本来framework 4.0。在运行程序后台添加网站内容时出以下错误页面信息:
A potentially dangerous Request.Form value was detected from the client错误图
Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client (FCKeditor1="...地产开发集团有限公司<br />
<br />
<img...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (FCKeditor1="...地产开发集团有限公司<br />
<br />
<img...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

出现此错误后,根据多方资料查证,页面在编辑的内容中包含有HTML标记或脚本标记时,ASP.NET页面为了防范页面注入功能会启用保护机制,页面会抛出一个"A potentially dangerous Request.Form value was deceted from the client"的异常。从framework 2.0版本时只需要在页面<%@Page %>部分加入ValidateRequest="false"属性就可以解决,但是在framework 4.0以后还需要在web.config里加入<httpRuntime requestValidationMode="2.0"/>这个配置。

出现错误前的web.config配置图
没有加requestValidationMode图
修改web.config配置成功解决图
加requestValidationMode图

如果在web.config里没有httpRuntime属性的话就直接加 <httpRuntime requestValidationMode="2.0" />就可以了。
没有httpruntime直接加requestValidationMode
点击次数:       打印此页  关闭