After upgrading our project to the .net 4.0 framework (from 3.5), we facing some problems with ajax calls with html in the parameters. As soon as the user enters some html in a text area the ajax call isn't executed anymore. If the user enters plain text only, there is no problem.
在将我们的项目升级到.net 4.0框架(从3.5)之后,我们在参数中遇到了带有html的ajax调用的一些问题。一旦用户在文本区域中输入一些html,就不再执行ajax调用。如果用户仅输入纯文本,则没有问题。
<script language="javascript">
/* Doesn't work */
var html = "<p>test</p>";
var body = "default.aspx?html=" + urlEncode(html);
var des = new AJAXInteraction(url, handleResponse, 'saveloader');
des.doPost(body);
/* Work */
var html = "test";
var body = "default.aspx?html=" + urlEncode(html);
var des = new AJAXInteraction(url, handleResponse, 'saveloader');
des.doPost(body);
</script>
Anyone any idea?
谁有任何想法?
2 个解决方案
#1
1
Probably setting validateRequest in your page directive to false, will solve your problem. Do this in the Page you're posting to:
可能在您的页面指令中将validateRequest设置为false,将解决您的问题。在您要发布到的页面中执行此操作:
<%@ Page validateRequest="false" %>
ASP.NET by default checks requests for potentially dangerous inputs like HTML code and blocks such requests. Keep in mind that you have to sanitize the input yourself when disabling request validation!
默认情况下,ASP.NET会检查对HTML代码等潜在危险输入的请求,并阻止此类请求。请记住,在禁用请求验证时,您必须自己清理输入!
You can read more about it here: http://www.asp.net/learn/whitepapers/request-validation
您可以在此处阅读更多相关信息:http://www.asp.net/learn/whitepapers/request-validation
#2
0
Found the answer here: http://dotnetguts.blogspot.com/2010/06/validaterequestfalse-not-working-in-net.html. In ASP.NET 4, by default, request validation is enabled for all requests and the validateRequest setting per page is ignored.
在这里找到答案:http://dotnetguts.blogspot.com/2010/06/validaterequestfalse-not-working-in-net.html。在ASP.NET 4中,默认情况下,为所有请求启用请求验证,并忽略每页的validateRequest设置。
To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:
若要还原到ASP.NET 2.0请求验证功能的行为,请在Web.config文件中添加以下设置:
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
#1
1
Probably setting validateRequest in your page directive to false, will solve your problem. Do this in the Page you're posting to:
可能在您的页面指令中将validateRequest设置为false,将解决您的问题。在您要发布到的页面中执行此操作:
<%@ Page validateRequest="false" %>
ASP.NET by default checks requests for potentially dangerous inputs like HTML code and blocks such requests. Keep in mind that you have to sanitize the input yourself when disabling request validation!
默认情况下,ASP.NET会检查对HTML代码等潜在危险输入的请求,并阻止此类请求。请记住,在禁用请求验证时,您必须自己清理输入!
You can read more about it here: http://www.asp.net/learn/whitepapers/request-validation
您可以在此处阅读更多相关信息:http://www.asp.net/learn/whitepapers/request-validation
#2
0
Found the answer here: http://dotnetguts.blogspot.com/2010/06/validaterequestfalse-not-working-in-net.html. In ASP.NET 4, by default, request validation is enabled for all requests and the validateRequest setting per page is ignored.
在这里找到答案:http://dotnetguts.blogspot.com/2010/06/validaterequestfalse-not-working-in-net.html。在ASP.NET 4中,默认情况下,为所有请求启用请求验证,并忽略每页的validateRequest设置。
To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:
若要还原到ASP.NET 2.0请求验证功能的行为,请在Web.config文件中添加以下设置:
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>