ASP.NET 4.0 potentially dangerous Request.Form value was detected
A few days ago, while working on an ASP.NET 4.0 Web project, I got an issue. The issue was, when user enters non-encoded HTML content into a comment text box s/he got something like the following error message:
"A potentially dangerous Request.Form value was detected from the client".
This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a linkRequest Validation, that is a feature put in place to protect your application cross site scripting attack and followed accordingly.
To disable request validation, I added the following to the existing "page"
directive in that .aspx file.
ValidateRequest="false"
But I still got the same error. Later I found that, for .NET 4, we need to add requestValidationMode="2.0"
to thehttpRuntime
configuration section of the web.config file like the following:
<httpRuntime requestValidationMode="2.0"/>
But if there is no httpRuntime
section in the web.config file, then this goes inside the <system.web>
section.
If anyone wants to turn off request validation globally for a user, the following line in the web.config file within<system.web>
section will help:
<pages validateRequest="false" />
Note: But always avoid the last example because there is a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.
However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.
ASP.NET 4.0 potentially dangerous Request.Form value was detected的更多相关文章
- A potentially dangerous Request.Form value was detected from the client问题处理
问题剖析: 用户在页面上提交表单到服务器时,服务器会检测到一些潜在的输入风险,例如使用富文本编辑器控件(RichTextBox.FreeTextBox.CuteEditor等)编辑的内容中包含有HTM ...
- 自己留存:小经验在asp.net 4.5或者asp.net mvc 5解决A potentially dangerous Request.Form value was detected from the client
以前的解决办法是 <configuration> <system.web> <pages validateRequest="false&q ...
- 解决.Net 4.0 A potentially dangerous Request.Form value was detected from the client 异常
在web.config中加入 <httpRuntime maxRequestLength="22000" executionTimeout="43200" ...
- A potentially dangerous Request.Form value was detected from the client
提交表单中包含特殊字符如<script>可能被认为是跨站攻击代码:解决方法很多,如stackoverflow上的web.config中加设置的方法不中肯[如原贴中Jamie M所说],主要 ...
- A potentially dangerous Request.Form value was detected from the client的解决办法
网上找了这么多,这条最靠谱,记录下来,以备后用 <httpRuntime requestValidationMode="2.0"/> <pages validat ...
- [BILL WEI] A potentially dangerous Request.Path value was detected from the client 异常处理办法
我们在ASP.net中使用URL导向后, 我们在访问某个地址,或者打开某个系统页面的时候,就会报错误: A potentially dangerous Request.Path value was d ...
- A potentially dangerous Request.Path value was detected from the client异常解决方案
场景: 当URL中存在“<,>,*,%,&,:,/”特殊字符时,页面会抛出A potentially dangerous Request.Path value was detect ...
- ASP.NET 4.0验证请求 System.Web.HttpRequestValidationException: A potentially dangerous Request.F
System.Web.HttpRequestValidationException: A potentially dangerous Request.F 在使用类似eWebedtior 拷贝内容进去的 ...
- System.Web.HttpRequestValidationException: A potentially dangerous Request.F
ASP.NET .0验证请求 System.Web.HttpRequestValidationException: A potentially dangerous Request.F System.W ...
随机推荐
- 套题 codeforces 359
A题:Free Ice Cream 注意要使用LL,避免爆int #include <bits/stdc++.h> #define scan(x,y) scanf("%d%d&q ...
- day8---多线程socket 编程,tcp粘包处理
复习下socket 编程的步骤: 服务端: 1 声明socket 实例 server = socket.socket() #括号里不写 默认地址簇使用AF_INET 即 IPv4 ...
- 检测网页地址有效性java代码
package com.inspur.linkcheck; import java.io.IOException; import java.net.HttpURLConnection; import ...
- TypeScript 0.9.1 发布,新增 typeof 关键字
TypeScript 0.9.1 发布了,该版本提升了编译器和语言的性能,增加新的语言特性 typeof ,更好的 this 处理等.详细介绍请看发行说明. TypeScript 是微软新推出的一种语 ...
- 轻易实现基于linux或win运行的聊天服务端程序
对于不了解网络编程的开发人员来说,编写一个良好的服务端通讯程序是一件比较麻烦的事情.然而通过EC这个免费组件你可以非常简单地构建一个基于linux或win部署运行的网络服务程序.这种便利性完全得益于m ...
- 【Leetcode】【Hard】Valid Number
Validate if a given string is numeric. Some examples:"0" => true" 0.1 " => ...
- Android中px和dip的区别
在Android手机的诞生之初,由于Android系统是开源的,一开始便有众多的OEM厂商对Android手机进行深度定制,于是乎Android手机的皮肤和屏幕大小都变得百花齐放,这可苦逼了我们这群开 ...
- spring mvc ajax 400解决
The request sent by the client was syntactically incorrect. ajax发起请求时报400错误.请求代码如下: var reportId=($( ...
- 如何带领一个Android开发团队
1)重构,夜未眠 将框架从业务中剥离 如何提高开发效率 如何提高程序性能 单元测试 技术调研 代码版本管理 2)渠道包管理 自动打包工具 批量打渠道包的两种解决方案 定制渠道包的流程管理 3)稳定性, ...
- C#与数据库访问技术总结(十六)之 DataSet对象
DataSet对象 DataSet对象可以用来存储从数据库查询到的数据结果,由于它在获得数据或更新数据后立即与数据库断开,所以程序员能用此高效地访问和操作数据库. 并且,由于DataSet对象具有离线 ...