A potentially dangerous Request.Form value was detected when I try to post something containing <whatever>
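I get:
A potentially dangerous Request.Form value was detected from the client
Description: Request validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: . After setting this value, you can then disable request validation by setting validateRequest="false" in the directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client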
I have the following asp.net code
    <asp:DetailsView ID="newsDetail" runat="server" DataSourceID="SqlDataSourceNews"
        AutoGenerateRows="False" DataKeyNames="id"
        OnItemUpdating="NewsDetailItemUpdating" OnItemCreated="NewsDetailItemCreated"
        OnItemDeleted="NewsDetailItemDeleted" OnItemInserted="NewsDetailItemInserted"
        OnItemInserting="NewsDetailItemInserting" OnItemUpdated="NewsDetailItemUpdated"
        DefaultMode="Insert">
        <Fields>
            <asp:TemplateField FooterText="show at statpage" HeaderText="view" SortExpression="view">
                ...
            </asp:TemplateField>
            <asp:BoundField DataField="headline" HeaderText="Headline" SortExpression="headline">
            </asp:BoundField>
            <asp:TemplateField HeaderText="Text">
                <ItemTemplate>
                    <asp:Label ID="post" runat="Server" Text='<%# Eval("post") %>' OnPreRender="PostLabelPreRender" />
                </ItemTemplate>
                <InsertItemTemplate>
                    <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
                        Width="500px" Height="300px" />
                </InsertItemTemplate>
                <EditItemTemplate>
                    <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
                        Width="500px" Height="300px" />
                </EditItemTemplate>
            </asp:TemplateField>
        </Fields>
    </asp:DetailsView>
And the code
    protected void NewsDetailItemUpdating(object sender, DetailsViewUpdateEventArgs e)
    {
        // Iterate though the values entered by the user and HTML encode
        // the values. This helps prevent malicious values from being
        // stored in the data source.
        for (int i = 0; i < e.NewValues.Count; i++)
            if (e.NewValues[i] != null)
                e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
    }

    protected void NewsDetailItemInserting(object sender, DetailsViewInsertEventArgs e)
    {
        for (int i = 0; i < e.Values.Count; i++)
            if (e.Values[i] != null)
                e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
    }

    protected void NewsDetailItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemInserted(object sender, DetailsViewInsertedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemDeleted(object sender, DetailsViewDeletedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemCreated(object sender, EventArgs e)
    {
        newsList.DataBind();
    }
Are you trying to post HTML/JavaScript in one of your text boxes? – Tejs 2011-05-09 20:50:24
I was going to flag this as a duplicate, but I'm not sure which of the 15 duplicates to pick... – 2011-05-09 20:54:57
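
Request validation aborts the postback before the ItemInserting and ItemUpdating handlers run, so the HtmlEncode loops in the question are never reached for input containing markup. The following is an added example, not code from the question: it sketches the explicit input check the error message recommends once validation is switched off for this page. The class name, the length limit and the sample values are assumptions; the Page directive syntax in the comment is standard ASP.NET and is not shown on this page.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;

// Added example, not the asker's code. Assumes the settings named in the
// error message are applied, scoped to this one page:
//   web.config:  <httpRuntime requestValidationMode="2.0" />
//   page:        <%@ Page ValidateRequest="false" ... %>
// With built-in validation off, the handlers must check every value themselves.
public static class NewsInput
{
    public const int MaxLength = 20000;   // assumed upper bound for a post

    // Explicit check replacing request validation: bound the length and
    // reject control characters other than CR, LF and TAB.
    public static bool IsAcceptable(string value, int maxLength)
    {
        if (value == null) return true;
        if (value.Length > maxLength) return false;
        foreach (char c in value)
            if (char.IsControl(c) && c != '\r' && c != '\n' && c != '\t')
                return false;
        return true;
    }

    // Same loop shape as NewsDetailItemInserting, taking e.Values:
    // validate first, then HTML-encode so markup is stored as inert text.
    // Returns false when a value is rejected; the caller sets e.Cancel = true.
    public static bool EncodeAll(IOrderedDictionary values, int maxLength)
    {
        for (int i = 0; i < values.Count; i++)
        {
            if (values[i] == null) continue;
            string raw = values[i].ToString();
            if (!IsAcceptable(raw, maxLength)) return false;
            values[i] = WebUtility.HtmlEncode(raw);
        }
        return true;
    }

    public static void Main()
    {
        var values = new OrderedDictionary();      // constructed sample input
        values["headline"] = "Launch";
        values["post"] = "<whatever> & more";
        Console.WriteLine(EncodeAll(values, MaxLength));
        Console.WriteLine(values["post"]);
    }
}
```

In the page's code-behind, the handler would call `NewsInput.EncodeAll(e.Values, NewsInput.MaxLength)` and cancel the insert when it returns false.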