aspx 页面
<%@ Page Language="C#" Debug = "true" AutoEventWireup="true" CodeFile="JX_NewsForm.aspx.cs" Inherits="JX_JX_NewsForm" ValidateRequest="false" %> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> <link href="../css/css.css" rel="stylesheet" type="text/css" /> <!--#include file="../Js/KeyControl.js"--> <script src="../JS/calendar.js" type ="text/javascript"></script> <base target="_self" /> <link rel="stylesheet" href="/editor2/themes/default/default.css" /> <link rel="stylesheet" href="/editor2/plugins/code/prettify.css" /> <script charset="utf-8" src="/editor2/kindeditor.js"></script> <script charset="utf-8" src="/editor2/lang/zh_CN.js"></script> <script charset="utf-8" src="/editor2/plugins/code/prettify.js"></script> <script type="text/javascript" language="JavaScript"> KindEditor.ready(function(K) { var editor1 = K.create('#dContent', { cssPath: '/editor2/plugins/code/prettify.css', uploadJson: '/editor2/asp.net/upload_json.ashx', fileManagerJson: '/editor2/asp.net/file_manager_json.ashx', allowFileManager: true, afterCreate: function() { var self = this; K.ctrl(document, 13, function() { self.sync(); K('form[name=example]')[0].submit(); }); K.ctrl(self.edit.doc, 13, function() { self.sync(); K('form[name=example]')[0].submit(); }); } }); prettyPrint(); }); </script > <script language="javascript" type="text/javascript" </head>
aspx 页面
<system.web> <globalization requestEncoding="gb2312" responseEncoding="gb2312" culture="zh-CN" fileEncoding="gb2312" /> <httpRuntime maxRequestLength="2091151" useFullyQualifiedRedirectUrl="false" executionTimeout="3600" requestLengthDiskThreshold="2091150" /> <pages validateRequest="false" /> <customErrors mode="Off"></customErrors> <httpHandlers> <add verb="*" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro" /> </httpHandlers> <sessionState stateConnectionString="tcpip=127.0.0.1:42424" /> <authentication mode="Windows" /> <!--<identity impersonate="true" userName="easymad" password="xiajun" />--> <compilation debug="true" > <assemblies> <add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <add assembly="System.Drawing.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <!--<add assembly="office, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" />--> <add assembly="Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" /> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> </assemblies> </compilation> </system.web>
出现的问题:
Server Error in '/' Application. -------------------------------------------------------------------------------- A potentially dangerous Request.Form value was detected from the client (dContent="<p> 一驾校巧立名目变相降价,散发代金..."). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (dContent="<p> 一驾校巧立名目变相降价,散发代金..."). Source Error: The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL: 1. Add a "Debug=true" directive at the top of the file that generated the error. Example: <%@ Page Language="C#" Debug="true" %> or: 2) Add the following section to the configuration file of your application: <configuration> <system.web> <compilation debug="true"/> </system.web> </configuration> Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode. Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.
仅在2.0下有效,两种解决办法:
1、在<system.web>配置节下增加<httpRuntime requestValidationMode="2.0"/><!-- 回到 2.0 的防護方式-->
2、自定义RequestValidation。
在web.config 中添加这个属性出现这个问题!加不上去啊!
@低级菜鸟: 你的framework版本是多少呢?要4.0下这个配置节才有效的。
@幻天芒:3.5!我用的是vs2008啊!
@低级菜鸟: 切换成4.0试试呢~