I have a page with a button and a textbox. When I input "<string>" in the text box and then press the button, I get this error: A potentially dangerous Request.Form value was detected from the client (TextBox1=""<string>"").
This is a security feature of ASP.NET, which prevents a user from submitting potentially dangerous code like script blocks.
You can disable this by setting the validateRequest attribute of the Page directive to false:
<%@ Page validateRequest="false" %>
or disable it in web.config:
<configuration>
  <system.web>
    <pages validateRequest="false" />
  </system.web>
</configuration>
But be careful! As I said, this is a security feature!
You can read more about it here: http://www.asp.net/learn/whitepapers/request-validation
You need to tell ASP not to validate the form values on the page:
<%@ Page ... ValidateRequest="false"%>
This gets rid of your error, but on the back end you need to protect yourself from malicious input. Replace all < and > characters with encoded values so that you do not open yourself up to an XSS attack.
Because you are passing the "<" and the ">", which could include possible malicious data. You need to turn off page validation by either:
Setting the page declaration:
<%@ Page Language="C#" ValidateRequest="false" %>
Or in the web.config:
<system.web>
  <pages validateRequest="false" />
</system.web>
If you do this you need to sanitize the input stringently! You can do this by encoding your input on the server side:
Server.HtmlEncode(TextBox1.Text)
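Added example, not part of the answers above: a C# console program that compares the bracket-only replacement described in the second answer with full HTML encoding of the kind Server.HtmlEncode performs, once in an element body and once in an attribute value. It assumes System.Net.WebUtility.HtmlEncode as a stand-in so it runs outside an ASP.NET request; the helper names and sample strings are constructed for illustration.

```csharp
using System;
using System.Net;

static class OutputEncodingDemo
{
    // Bracket-only replacement, as described in the second answer.
    static string ReplaceBrackets(string s)
    {
        return s.Replace("<", "&lt;").Replace(">", "&gt;");
    }

    // Full HTML encoding. WebUtility.HtmlEncode stands in for Server.HtmlEncode
    // so the program runs without System.Web (assumption of this example).
    static string FullEncode(string s)
    {
        return WebUtility.HtmlEncode(s);
    }

    // Hypothetical render helpers for two output contexts.
    static string InBody(string encoded) { return "<p>" + encoded + "</p>"; }
    static string InAttribute(string encoded) { return "<input value=\"" + encoded + "\" />"; }

    // The attribute markup is intact only if it contains exactly the two quotes
    // that delimit the value; any extra quote came through from the input.
    static bool AttributeIntact(string html)
    {
        int quotes = 0;
        foreach (char c in html) if (c == '"') quotes++;
        return quotes == 2;
    }

    static void Main()
    {
        // Constructed sample inputs: the value from the question, and a benign
        // string containing characters other than < and >.
        string[] samples = { "<string>", "Tom & \"Jerry\"" };

        foreach (string raw in samples)
        {
            Console.WriteLine("input:          " + raw);
            Console.WriteLine("brackets, body: " + InBody(ReplaceBrackets(raw)));
            Console.WriteLine("full, body:     " + InBody(FullEncode(raw)));
            string weak = InAttribute(ReplaceBrackets(raw));
            string full = InAttribute(FullEncode(raw));
            Console.WriteLine("brackets, attr: " + weak + "  intact=" + AttributeIntact(weak));
            Console.WriteLine("full, attr:     " + full + "  intact=" + AttributeIntact(full));
        }
    }
}
```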