C# 用户控件有潜在危险的请求。从客户端检测到QueryString值
我有一个用户控件,我正在传递一个.net似乎认为是危险的查询字符串。。我已经把我的web.configC# 用户控件有潜在危险的请求。从客户端检测到QueryString值,c#,asp.net,C#,Asp.net,我有一个用户控件,我正在传递一个.net似乎认为是危险的查询字符串。。我已经把我的web.config <httpRuntime requestValidationMode="2.0" enableVersionHeader="false" maxUrlLength="10999" maxQueryStringLength="2097151"/> <security> <requestFiltering> <requestL
<httpRuntime requestValidationMode="2.0" enableVersionHeader="false" maxUrlLength="10999" maxQueryStringLength="2097151"/>
<security>
<requestFiltering>
<requestLimits maxUrl="10999" maxQueryString="2097151" />
</requestFiltering>
</security>
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="Member.ascx.cs" Inherits="DOM.Umbraco.Web.usercontrols.Members" %>
Dom您可以使用此web.config设置禁用请求验证
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
<@ Page validateRequest="false" %>
覆盖请求验证程序并允许输入所需的字符。小心,如果数据要重新显示,它将包含原始内容,这可能是危险的。i、 e.脚本标签
public class CustomRequestValidator : System.Web.Util.RequestValidator
{
protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
validationFailureIndex = 0;
if (requestValidationSource == RequestValidationSource.Form)
{
value = value.Replace("<", "").Replace(">", "");
}
return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}
}
公共类CustomRequestValidator:System.Web.Util.RequestValidator
{
受保护的覆盖布尔IsValidRequestString(HttpContext上下文、字符串值、RequestValidationSource RequestValidationSource、string collectionKey、out int validationFailureIndex)
{
validationFailureIndex=0;
if(requestValidationSource==requestValidationSource.Form)
{
值=值。替换(“,”);
}
返回base.IsValidRequestString(上下文、值、requestValidationSource、collectionKey、out validationFailureIndex);
}
}