我遇到了一个Web应用程序,经常只是一个单一的aspx页面喷涌而出,下面的样式错误的问题:.NET 2/VB:RequestValidation =假替代
Browser: IE
Url Referrer: redacted
User Host 1.1.1.1
User Host Name: 1.1.1.1
Last Error: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w..."). at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Source: System.Web
Message: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w...").
通常情况下,我会怀疑用户必须做一些愚蠢的事情,比如将HTML标签放在那里,但这种情况经常发生,并且电子邮件中没有HTML报告。
我知道,我可以用RequestValidation="false"
Page
指令关闭关闭ValidateRequest
,但是这也是不可取的,因为我想一些验证,只要不是过度敏感验证。
有什么方法可以覆盖ValidateRequest
的默认实现吗?有没有人遇到错误地产生错误ValidateRequest
?最后,有人知道ValidateRequest
甚至看起来像什么吗?
为什么在这个问题的标题中包含“经典”这个词? – AnthonyWJones 2012-08-14 20:58:06
@AnthonyWJones,我大多是新的微软堆栈,从我的理解是“经典”ASP与ASP.NET和“经典”VB与VB.net之间的区别... – 2012-08-14 21:00:24
但我同意标题是可怕的。 ..建议? – 2012-08-14 21:00:52