在其字段中发布带有html标记的表单时出错

时间:2010-12-27 21:04:42

标签: html ajaxcontroltoolkit

我使用的是Ajax Control Toolkit 3.5。我有一个这样的表格:

<body>
<form id="form1" runat="server">
<asp:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
</asp:ToolkitScriptManager>
<div>
    <asp:UpdatePanel ID="UpdatePanel1" runat="server">
        <ContentTemplate>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
            <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        </ContentTemplate>
    </asp:UpdatePanel>
</div>
</form>

此页面的相关代码隐藏是这样的:

protected void Button1_Click(object sender, EventArgs e)
{
    Label1.Text = TextBox1.Text;
}

当我将例如“foo”写入TextBox1时,它会成功地将其复制到Label1中。但是,如果我使用一些HTML标签(如“&lt; b&gt; foo&lt; / b&gt;”)将任何文字写入文本框我在IE状态栏中出现以下Javascript错误:

alt text

我该如何解决这个问题?

提前致谢。

1 个答案:

答案 0 :(得分:0)

在发布此问题之后,我想到了从UpdatePanel中取出表单字段并重试相同操作的想法。答对了!它抛出以下异常:

    A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>"). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<b>foo</b>").

看到此错误后,将以下代码添加到&lt;%@ Page%&gt;页面的一部分解决了这个问题。

ValidateRequest="false"

希望这有助于其他人......

相关问题
最新问题