search

Home >Backend Development >C#.Net Tutorial >Solve the 'potentially dangerous Request.Form value detected from the client' error in asp.net

Solve the 'potentially dangerous Request.Form value detected from the client' error in asp.net

伊谢尔伦
伊谢尔伦Original
2016-11-24 16:15:111165browse

When submitting the form, asp.net prompts: "A potentially dangerous Request.Form value was detected from the client (...)". The request validation feature in asp.net provides a certain level of protection against XSS attacks. The request validation in asp.net is enabled by default. This gives solutions for various versions of .net.

  Usual solution for asp.net 2.0

Solution 1:

Add ValidateRequest="false" to the page item in the .aspx file, as follows:

 44c88267b88f0d6e29d47868efebe63c

Option 2:

Modify the web.config configuration file 

 <system.web> 
      <pages validateRequest="false" >   
      </pages>   
  </system.web>

Summary: validateRequest This sentence we know is to turn off verification, and This means that ASP.NET will not report an error when submitting values ​​with tags such as 8e99a69fbe029cd4e2b854e244eab143bold128dba7a3a77be0113eb0bea6ea0a5d0. It is recommended to use option one here, because the option only modifies the test.aspx page; and if you use option two, the entire solution will become ValidateRequest="false".

 Asp.net 4.0 solution

 The method for 4.0 and 2.0 is the same, but it should be noted that starting from .Net Framework 4.0, asp.net begins to forcefully detect Request parameter security, and we can restore 2.0 by modifying Web.config version of the model.

 The method is as follows:

 Modify Web.config and add the requestValidationMode="2.0" attribute value

 <system.web>
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false"></pages>
  </system.web>

 There is an additional requestValidationMode in 4.0. What does this mean?

  requestValidationMode has two values:

2.0 only enables request validation for web pages. Whether enabled or disabled depends on validateRequest.

4.0 Default. Any HTTP request will enable request verification, which means not only web pages, but also cookies, etc. Enabled now, regardless of validateRequest value.

Since requestValidationMode="4.0" is forcibly enabled, we will find that request validation cannot be turned off in .NET Framework 4.0 just by setting validateRequest. We must also set requestValidationMode to 2.0.


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Three serialization methods in C#Next article:Three serialization methods in C#

Related articles

See more