从客户端检测到潜在危险的Request.Form值

时间:2014-11-12 06:03:57

标签: asp.net asp.net-mvc web-applications

这是例外

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtCodeFormate="<a href="%%strpath%%...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.ccadmin_cms_setup_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

直到现在我已经尝试了以下选项,

 <httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
 <pages validateRequest="false" enableEventValidation="false"></pages>

仅供参考,它在本地工作正常,但当我在服务器上部署它不能正常工作时, 我需要在IIS工作吗?

1 个答案:

答案 0 :(得分:4)

我相信您提出的所有选项的问题已经回答here

修改Web.config后,您是否尝试过以下操作?

选项1:在模型上,将此属性添加到您需要允许HTML的每个属性 - 最佳选择

[AllowHtml]

选项2:在控制器操作上添加此属性以允许所有HTML 

[ValidateInput(false)]
相关问题
最新问题