当前位置:theitroad>asp.net-mvc 获取“从客户端 (&) 检测到潜在危险的 Request.Path 值”

asp.net-mvc 获取“从客户端 (&) 检测到潜在危险的 Request.Path 值”

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/6025522/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-08 01:12:25  来源:igfitidea点击:

Getting "A potentially dangerous Request.Path value was detected from the client (&)"

asp.net-mvcasp.net-mvc-3

提问by Brian

I've got a legacy code issue that requires that I support random urls as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.

我有一个遗留代码问题,需要我支持随机 url,就好像它们是对主页的请求一样。某些 URL 中的字符会生成错误“从客户端检测到潜在危险的 Request.Path 值 (&)”。该站点是用 ASP.Net MVC 3(在 C# 中)编写的,并在 IIS 7.5 上运行。

Here's an example URL...

这是一个示例网址...

http://mywebsite.com/Test123/This_&_That

Here's how I have my catch-all route setup (I have other routes to catch specific pages)...

这是我如何设置所有路由(我有其他路由来捕获特定页面)...

routes.MapRoute(
    "Default", // Route name
    "{garb1}/{garb2}", // URL with parameters
    new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults
);

I've added the following things to my web.config file...

我已将以下内容添加到我的 web.config 文件中...

<configuration>
    <system.web>
        <pages validateRequest="false" />
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
<configuration>

I've also Added the ValidateInput attribute to the action that should be catching the urls...

我还向应该捕获 url 的操作添加了 ValidateInput 属性...

public class WebsiteController : Controller
{
    [ValidateInput(false)]
    public ActionResult Home()
    {
        return View();
    }
}

But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).

但我仍然收到错误。任何想法为什么?我错过了什么?现在我只是在我的本地开发服务器上运行(我还没有在生产中尝试过这些修复程序)。

回答by Alexander Prokofyev

While you could try these settings in config file

虽然您可以在配置文件中尝试这些设置

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

I would avoid using characters like '&' in URL path replacing them with underscores.

我会避免在 URL 路径中使用像 '&' 这样的字符用下划线替换它们。

回答by reza.cse08

I have faced the this type of error. to call a function from razor.

我遇到过这种类型的错误。从剃刀调用函数。

public ActionResult EditorAjax(int id, int? jobId, string type = ""){}

solve that by changing the line

通过改变线来解决这个问题

from

<a href="/ScreeningQuestion/EditorAjax/5&jobId=2&type=additional" />

to

<a href="/ScreeningQuestion/EditorAjax/?id=5&jobId=2&type=additional" />

where my route.config is

我的 route.config 在哪里

routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional }, new string[] { "RPMS.Controllers" } // Parameter defaults
        );

回答by Pavan

If you want to allow Html tags only for few textbox in mvc

如果您只想在 mvc 中为少数文本框允许 Html 标签

You can do one thing

你可以做一件事

in controller

在控制器中

 [ValidateInput(false)]
public ActionResult CreateNewHtml()  //view
{
    return View();
}
[ValidateInput(false)]
[HttpPost]
public ActionResult CreateNewHtml(cbs obj)//view cbs is database class
{
    repo.AddHtml(obj);
    return View();
}

回答by Josh P

We were getting this same error in Fiddler when trying to figure out why our Silverlight ArcGIS map viewer wasn't loading the map. In our case it was a typo in the URL in the code. There was an equal sign in there for some reason.
http:=//someurltosome/awesome/place
instead of
http://someurltosome/awesome/place

当我们试图找出为什么我们的 Silverlight ArcGIS 地图查看器没有加载地图时,我们在 Fiddler 中遇到了同样的错误。在我们的例子中,它是代码中 URL 的拼写错误。出于某种原因,那里有一个等号。
http://someurltosome/awesome/place
而不是
http://someurltosome/awesome/place

After taking out that equal sign it worked great (of course).

取出等号后,效果很好(当然)。

回答by Balamurugan

Check the below lines are present in your web.config file

检查以下几行是否存在于您的 web.config 文件中

<system.web> <httpRuntime requestPathInvalidCharacters="" /> </system.web>

<system.web> <httpRuntime requestPathInvalidCharacters="" /> </system.web>

相关推荐

asp.net-mvc 如何最好地在服务器上安装 MVC 3?

asp.net-mvc 如何最好地在服务器上安装 MVC 3?

Spring Boot 单页应用程序 - 将每个请求转发到 index.html

Spring Boot 单页应用程序 - 将每个请求转发到 index.html

asp.net-mvc EntityFramework - 连接字符串在哪里?

asp.net-mvc EntityFramework - 连接字符串在哪里?

Mapstruct - 如何在 Generated Mapper 类中注入 spring 依赖项

Mapstruct - 如何在 Generated Mapper 类中注入 spring 依赖项

相关推荐
最近更新
标签