开发者

When I try to pass large amounts of information using jquery $.ajax(post) method. it throws potential dangerous html error

开发者 https://www.devze.com 2022-12-26 16:19 出处:网络
I am trying to create a preview window for my texteditor in my blog page. I need to send the content to the server to clean up the text enteredbefore I can preview it on the preview window. I was tryi

I am trying to create a preview window for my texteditor in my blog page. I need to send the content to the server to clean up the text entered before I can preview it on the preview window. I was trying to use

$.a开发者_开发百科jax({
  type: method,
  url: url,
  data: values,
  success: LoadPageCallback(targetID),
  error: function(msg) {
    $('#' + targetID).attr('innerHTML', 'An error has occurred. Please try again.');
  }
});

Whenever I tried to click on the preview button it returns an XMLHTTPRequest error. The error description -

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

The ValidateRequest for the page is set to false.

Is there a way I can set validaterequest to false for the ajax call.Please advise

Thank you for reading my post.

I am using ASP.net. How can i do htmlencode using JAVAscript/jquery?


If method is get, it's possible that your request is too large for it, and your request is mis-identified as an attack.

Can you try using post?


The ValidateRequest for the page is set to false.

How are you setting that? Evidently it hasn't taken for some reason. You can also try in in the configuration:

<pages validateRequest="false" /> 

(inside <system.web>.)

Setting validateRequest to false should stop this error appearing, and is in general the right thing to do anyway. ASP.NET's “request validation” is 100% bogus. It does not and cannot protect you properly from XSS attacks, but it will happily screw up your apps like this.


I need to send the content to the server to clean up the text entered before I can preview it on the preview window.

If you're using ASP.NET WebForms, there's a good chance you're running into this problem.

Request validation, a feature of ASP.NET since version 1.1, prevents the server from accepting content containing un-encoded HTML. This feature is designed to help prevent some script-injection attacks whereby client script code or HTML can be unknowingly submitted to a server, stored, and then presented to other users. We still strongly recommend that you validate all input data and HTML encode it when appropriate.

0

精彩评论

暂无评论...
验证码 换一张
取 消