How can I get back textbox's values like this "<value>" in aspx

Developer https://www.devze.com 2023-01-13 13:56 Source: Internet
I have a page with a button and a textbox; when I input "<string>" in the text box and then press the button I get this error: A potentially dangerous Request.Form value was detected from the client (TextBox1=""<string>"").


This is a security feature of ASP.NET, which prevents a user from submitting potentially dangerous code like script blocks.

You can disable this by setting the validateRequest attribute of the Page directive to false:

<%@ Page validateRequest="false" %>

or disable it in web.config:

<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>

But be careful! As I said, this is a security feature!

You can read more about it here: http://www.asp.net/learn/whitepapers/request-validation


You need to tell ASP not to validate the form values on the page:

<%@ Page  ... ValidateRequest="false"%>

This gets rid of your error, but on the back end you need to protect yourself from malicious input. Replace all < and > characters with encoded values so that you do not open yourself up to an XSS attack.


Because you are passing the "<" and the ">", which could include possible malicious data. You need to turn off page validation by either:

Setting the page declaration:

<%@ Page Language="C#" ValidateRequest="false" %>

Or in the web.config:

<system.web>
  <pages validateRequest="false" />
</system.web>

If you do this you need to sanitize the input stringently! You can do this by encoding your input on the server side:

Server.HtmlEncode(TextBox1.Text)
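
An added example, not part of the answers above: a single-file Web Forms page that turns request validation off for this page only and encodes the textbox value at the point where it is written back into HTML. The control IDs other than TextBox1 and the MaxLength limit are assumptions; on ASP.NET 4.0 and later the page-level setting takes effect only if web.config also sets <httpRuntime requestValidationMode="2.0" />.

```aspx
<%@ Page Language="C#" ValidateRequest="false" %>
<%-- Added example. Button1, ErrorLabel, EncodedLabel and MaxLength are
     assumed names; only TextBox1 comes from the question. --%>
<script runat="server">
    private const int MaxLength = 200; // assumed limit for this field

    protected void Button1_Click(object sender, EventArgs e)
    {
        // With request validation off, the value arrives exactly as typed,
        // including any < > " characters.
        string raw = TextBox1.Text ?? string.Empty;

        if (raw.Length > MaxLength)
        {
            // Constant message, so there is nothing user-controlled to encode.
            ErrorLabel.Text = "Input is too long.";
            EncodedLabel.Text = string.Empty;
            return;
        }

        ErrorLabel.Text = string.Empty;

        // Label.Text is written to the response as-is, so encode here,
        // at the output sink, so markup characters render as plain text.
        EncodedLabel.Text = Server.HtmlEncode(raw);
    }
</script>
<!DOCTYPE html>
<html>
<body>
    <form id="form1" runat="server">
        <%-- TextBox encodes its own value attribute when it re-renders,
             so the posted text can be shown back in the box unchanged. --%>
        <asp:TextBox ID="TextBox1" runat="server" />
        <asp:Button ID="Button1" runat="server" Text="Submit"
                    OnClick="Button1_Click" />
        <asp:Label ID="ErrorLabel" runat="server" />
        <p>You entered: <asp:Label ID="EncodedLabel" runat="server" /></p>
    </form>
</body>
</html>
```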