asp.net-mvc 如何允许“路径中的非法字符”?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2087246/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Howto allow "Illegal characters in path"?
提问by hbruce
I have a MVC.NET application with one route as follows:
我有一个带有一条路由的 MVC.NET 应用程序,如下所示:
routes.MapRoute("member", "member/{id}/{*name}", new { controller = "member", action = "Details", id = "" }, new { id = @"\d+" });
routes.MapRoute("member", "member/{id}/{*name}", new { controller = "member", action = "Details", id = "" }, new { id = @"\d+" });
Thus, a link could be something like this: http://domain/member/123/any_kind_of_username
因此,链接可能是这样的:http://domain/member/123/any_kind_of_username
This works fine in general but if the path contains illegal characters (e.g. a double qoute: http://domain/member/123/my_"user"_name) I get a "System.ArgumentException: Illegal characters in path."
这通常工作正常,但如果路径包含非法字符(例如双引号:http://domain/member/123/my_“user”_name),我会收到“System.ArgumentException:路径中的非法字符”。
After much googling the best suggestions seems to be to make sure that the url doesn't contain any such characters. Unfortunately, that is out of my control in this case.
经过多次谷歌搜索,最好的建议似乎是确保 url 不包含任何此类字符。不幸的是,在这种情况下,这是我无法控制的。
Is there a way to work around this?
有没有办法解决这个问题?
回答by bkaid
Scott Hanselman posted a good summary on allowing illegal characters in the path.
Scott Hanselman 发表了一篇关于在路径中允许非法字符的很好的总结。
If you really want to allow characters that are restricted, remove them from the list by editing your web.config (this will probably only work in .NET 4 and on IIS7):
如果您真的想允许受限制的字符,请通过编辑您的 web.config 将它们从列表中删除(这可能仅适用于 .NET 4 和 IIS7):
<system.web>
<httpRuntime requestValidationMode="2.0" relaxedUrlToFileSystemMapping="true" requestPathInvalidCharacters="<,>,*,%,:,&,\" />
</system.web>
You may also need to do as hbruce suggests:
您可能还需要按照hbruce 的建议进行操作:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true"/>
</security>
</system.webServer>
There are still some certain paths that will not work, (such as /search/% ) as you will get the 400 "Bad Request - Invalid URL" message. The only workaround I've found is to use that part as a querystring: /search?q=% with the above steps.
仍有一些某些路径不起作用(例如 /search/% ),因为您将收到 400 “Bad Request - Invalid URL” 消息。我发现的唯一解决方法是使用该部分作为查询字符串:/search?q=% 执行上述步骤。
回答by hbruce
Turns out you could avoid this by setting allowDoubleEscaping="false" in for requestFiltering in web.Config. I.e:
原来你可以通过在 web.Config 中为 requestFiltering 设置 allowDoubleEscaping="false" 来避免这种情况。IE:
<configuration>
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="false" />
</security>
</system.webServer>
</configuration>
Perhaps not the perfect solution (any suggestions for a better one is much appreciated), but it solves the problem.
也许不是完美的解决方案(任何对更好解决方案的建议都非常感谢),但它解决了问题。
回答by Vince Bowdren
You should URL-encode the URL at the client end before submitting it. Try using the UrlHelper.Encodemethod.
在提交之前,您应该在客户端对 URL 进行 URL 编码。尝试使用UrlHelper.Encode方法。
回答by Justin Schwartzenberger
What about an ampersand (&) in the url? For example: mysite.com/JellyBeans/PB&J, where "PB&J" is a parameter value in a controller action method. How do you get around MVC and the ASP.NET engine from treating that as an illegal char in the base url string? Encoding that with a %26 doesn't appear to work. Odd thing, when launching VS debug the local web server (VS built in web server) handles that case fine (both as an & and a %26), but when deployed to a web server running IIS7 the url results in a "Bad Request".
网址中的与号 (&) 怎么样?例如:mysite.com/JellyBeans/PB&J,其中“PB&J”是控制器操作方法中的参数值。您如何绕过 MVC 和 ASP.NET 引擎将其视为基本 url 字符串中的非法字符?用 %26 编码似乎不起作用。奇怪的是,当启动 VS 调试本地 web 服务器(VS 内置 web 服务器)处理这种情况时(作为 & 和 %26),但是当部署到运行 IIS7 的 web 服务器时,url 导致“错误请求” ”。
