当前位置:theitroad>vb.net 获取“从客户端检测到潜在危险的 Request.Path 值 (&)”

vb.net 获取“从客户端检测到潜在危险的 Request.Path 值 (&)”

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/33257811/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-17 19:31:21  来源:igfitidea点击:

Getting “A potentially dangerous Request.Path value was detected from the client (&)”

asp.net-mvcvb.netrest

提问by sbarnby71

I have a REST Service and when I try and make a call to an item that has a &in it's name, I get the above error, which would make sense if I was not encoded the &

我有一个 REST 服务,当我尝试调用名称中带有&的项目时,我收到上述错误,如果我没有对& 进行编码,这将是有道理的

So this would be my call:

所以这就是我的呼吁:

http://localhost:57851/myService/Servers/myServer/Repositories/myRepository/Models/Mine%26Yours

http://localhost:57851/myService/Servers/myServer/Repositories/myRepository/Models/Mine%26Yours

You can see "Mine&Yours" has been encoded as "Mine%26Yours" so should be safe.

您可以看到“Mine&Yours”已被编码为“Mine%26Yours”,因此应该是安全的。

But the request is being picked up as though I'd not encoded it.

但是请求正在被接收,就好像我没有对其进行编码一样。

Any ideas?

有任何想法吗?

Edit:

编辑:

This is not the same as (Getting "A potentially dangerous Request.Path value was detected from the client (&)")

这与 (获取“从客户端 (&) 检测到潜在危险的 Request.Path 值”) 不同

回答by holdenmcgrohen

It makes no difference to ASP.NET whether you encode the &symbol or not. See this answer: https://stackoverflow.com/a/12037000/134761

是否对&符号进行编码对 ASP.NET 没有任何区别。看到这个答案:https: //stackoverflow.com/a/12037000/134761

To allow special characters in your URL path you should modify the requestPathInvalidCharactersparameter in web.configlike this:

要在 URL 路径中允许特殊字符,您应该像这样修改requestPathInvalidCharacters参数web.config

<httpRuntime requestPathInvalidCharacters="" />

Or if you want to only allow &but disallow all other special chars:

或者,如果您只想允许&但禁止所有其他特殊字符:

<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,\"/>

回答by Matthew Lock

Expanding on holdenmcgrohen answer you can limit the changes just to a particular path if you wish

扩展 Holdenmcgrohen 的答案,您可以根据需要将更改限制在特定路径上 

  <location path="documents">
    <system.web>
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,\"/>
    </system.web>
  </location>

相关推荐

vb.net 计算文件夹和子文件夹中的所有文件

vb.net 计算文件夹和子文件夹中的所有文件

如何在 VB.net 中向 DataGridView 添加 UserControl,并始终显示该控件?

如何在 VB.net 中向 DataGridView 添加 UserControl,并始终显示该控件?

vb.net 选择多个文件并将文件名加载到“选中列表框”

vb.net 选择多个文件并将文件名加载到“选中列表框”

vb.net 循环遍历列表框项目

vb.net 循环遍历列表框项目

相关推荐
最近更新
标签