I'm trying to get around the "potentially dangerous Request.Form value" error and I'm having no luck. Yes, yes, I've read all the other * related questions and none of them seem to get me closer to an answer. I am using [ValidateInput(false)]
on all related controller actions...and I've checked many times. I'm using ValidateRequest='false'
in all the related ASPX views.
我试图解决“潜在危险的Request.Form值”错误,我没有运气。是的,是的,我已经阅读了所有其他与*相关的问题,但似乎没有一个问题让我更接近答案。我在所有相关的控制器动作上使用[ValidateInput(false)] ...我已经多次检查过了。我在所有相关的ASPX视图中使用ValidateRequest ='false'。
I am using ASP.NET MVC 2 Preview 1, but I don't think that's an issue since the error is being generated lower in the framework; Page.ProcessRequest to be exact. I can't see anything I'm doing wrong, I even set <page validateRequest='false'>
in the web.config and that didn't solve it either.
我正在使用ASP.NET MVC 2预览1,但我不认为这是一个问题,因为错误是在框架中生成较低的; Page.ProcessRequest确切。我看不到任何我做错的事情,我甚至在web.config中设置了
4 个解决方案
#1
32
With asp.net 4, you'll need to configure the validation mode in the web.config as well.
使用asp.net 4,您还需要在web.config中配置验证模式。
Set the following as a child of the <system.web>
element:
将以下内容设置为
<httpRuntime requestValidationMode="2.0"/>
Asp.Net 4 sets the requestValidationMode to 4.0
by default, which tells the system to perform request validation before the BeginRequst phase of the HTTP request. The validation will occur before the system reaches the action attribute telling it not to validate the request, thus rendering the attribute useless. Setting requestValidationMode="2.0" will revert to the asp.net 2.0 request validation behavior, allowing the ValidateInput attribute to work as expected.
Asp.Net 4默认将requestValidationMode设置为4.0,它告诉系统在HTTP请求的BeginRequst阶段之前执行请求验证。验证将在系统到达action属性之前发生,告诉它不要验证请求,从而使属性无效。设置requestValidationMode =“2.0”将恢复为asp.net 2.0请求验证行为,允许ValidateInput属性按预期工作。
(thanks Jim - upvotes belong here)
(感谢Jim - upvotes属于这里)
#2
7
Well...answered my own problem...the culprit: Html.RenderAction<T>
. If there are any calls to other actions in the request context (e.g. from the Master Page or child partials) these actions also need to have [ValidateInput(false)]
set appropriately. This seems like a bit of a problem though with MVC or the way the Page object works in ASP.NET as this is a really obfuscated bug to find.
嗯...回答了我自己的问题......罪魁祸首:Html.RenderAction
#3
1
You have to add the attribute to every controller action that is invoked during your request, i.e. check all partial requests.
您必须将该属性添加到请求期间调用的每个控制器操作,即检查所有部分请求。
#4
0
Please note that these suggestions will not fix the problems caused by a bug that occurs when you have to use [ValidateInput(false)] in combination with a FormCollection.
请注意,这些建议无法解决因必须将[ValidateInput(false)]与FormCollection结合使用时出现的错误所导致的问题。
See: ASP.NET MVC 3 ValidateRequest(false) not working with FormCollection
请参阅:ASP.NET MVC 3 ValidateRequest(false)不使用FormCollection
#1
32
With asp.net 4, you'll need to configure the validation mode in the web.config as well.
使用asp.net 4,您还需要在web.config中配置验证模式。
Set the following as a child of the <system.web>
element:
将以下内容设置为
<httpRuntime requestValidationMode="2.0"/>
Asp.Net 4 sets the requestValidationMode to 4.0
by default, which tells the system to perform request validation before the BeginRequst phase of the HTTP request. The validation will occur before the system reaches the action attribute telling it not to validate the request, thus rendering the attribute useless. Setting requestValidationMode="2.0" will revert to the asp.net 2.0 request validation behavior, allowing the ValidateInput attribute to work as expected.
Asp.Net 4默认将requestValidationMode设置为4.0,它告诉系统在HTTP请求的BeginRequst阶段之前执行请求验证。验证将在系统到达action属性之前发生,告诉它不要验证请求,从而使属性无效。设置requestValidationMode =“2.0”将恢复为asp.net 2.0请求验证行为,允许ValidateInput属性按预期工作。
(thanks Jim - upvotes belong here)
(感谢Jim - upvotes属于这里)
#2
7
Well...answered my own problem...the culprit: Html.RenderAction<T>
. If there are any calls to other actions in the request context (e.g. from the Master Page or child partials) these actions also need to have [ValidateInput(false)]
set appropriately. This seems like a bit of a problem though with MVC or the way the Page object works in ASP.NET as this is a really obfuscated bug to find.
嗯...回答了我自己的问题......罪魁祸首:Html.RenderAction
#3
1
You have to add the attribute to every controller action that is invoked during your request, i.e. check all partial requests.
您必须将该属性添加到请求期间调用的每个控制器操作,即检查所有部分请求。
#4
0
Please note that these suggestions will not fix the problems caused by a bug that occurs when you have to use [ValidateInput(false)] in combination with a FormCollection.
请注意,这些建议无法解决因必须将[ValidateInput(false)]与FormCollection结合使用时出现的错误所导致的问题。
See: ASP.NET MVC 3 ValidateRequest(false) not working with FormCollection
请参阅:ASP.NET MVC 3 ValidateRequest(false)不使用FormCollection