从客户端检测到危险的Request.Cookies值
[英]Dangerous Request.Cookies value was detected from the client
问题描述
I am in quite the situation here at work as I´m all of a sudden starts getting this error: 
我处于工作状态,因为我突然开始收到此错误:
An exception of type 'System.Web.HttpRequestValidationException' occurred in System.Web.dll but was not handled in user code System.Web.dll中发生类型为'System.Web.HttpRequestValidationException'的异常,但未在用户代码中处理
Additional information: A potentially dangerous Request.Cookies value was detected from the client (CustomerRegionName="Ö"). 附加信息:从客户端检测到一个潜在危险的Request.Cookies值(CustomerRegionName =“&#214”)。
I know that there are several threads about this issue already, and I´ve tried all of the answers I have seen, the most common being the following: 我知道已经有关于此问题的多个主题,我已经尝试了所有见过的答案,最常见的是以下几点:
Use httpRuntime requestValidationMode="2.0" 使用httpRuntime requestValidationMode =“ 2.0”
in your web.config (keeping any attributes you already have on that element, if it's already there). 在您的web.config中(保留该元素上已经具有的所有属性,如果已经存在)。 ASP.NET4.0 ignores ValidateRequest otherwise. ASP.NET4.0否则会忽略ValidateRequest。 Taken from: Here 取自: 这里
I am building a website where most input is in Swedish, so to prevent browserproblems I encode all cookie values with the help of HttpUtility class. 我正在建立一个网站,其中大多数输入都使用瑞典语,因此为了防止浏览器出现问题,我借助HttpUtility类对所有cookie值进行了编码。
That means that A value like "Örebro" will be encoded to something like this: %c3%96rebro. 这意味着像“Örebro”这样的值将被编码为以下形式:%c3%96rebro。
And for some reason .net framework thinks that this is some kind of dangerous value. 出于某种原因,.net框架认为这是某种危险的价值。
I have absolutely no idea what to do here... Any help would be greatly appreciated. 我完全不知道该怎么办...任何帮助将不胜感激。
2 个解决方案
解决方案1
1 已采纳 2016-09-06 15:51:18
To avoid this error, convert your string into a hexadecimal representation of the string. 为避免此错误,请将您的字符串转换为该字符串的十六进制表示形式。 This can be done with code like this: 可以使用以下代码完成此操作:
string ConvertedString = BitConverter.ToString(Encoding.Default.GetBytes(YourString));
Note that this string will have the hex separated into pairs with "-" (ie, 4f-cc-12-ab). 请注意,该字符串的十六进制将与“-”成对(即4f-cc-12-ab)。
When you read it back, restore it to the original string with code like this, assuming your read the encoded string back into string zBackInHex: 读回时,使用如下代码将其还原到原始字符串,假设您将编码后的字符串读回到字符串zBackInHex中:
string zHex = (zBackInHex.Replace("-", "");
byte[] ba = new byte[zHex.Length / 2]; //One byte for each two chars in zHex
for(int ZZ = 0; ZZ < ba.Length; ZZ++){
ba[ZZ] = Convert.ToByte(zHex.Substring(ZZ * 2, 2), 16);
}
string zBackIn = Encoding.ASCII.GetString(ba); //The original string
I got the idea for this method from another post. 我从另一篇文章中了解了这种方法。 I'd give credit, but I don't remember where I originally saw it. 我会赞扬的,但我不记得我最初在哪里看到它。
解决方案2
0 2016-09-06 13:55:47
Why don't you try to replace strings with IDs, that will remove all the hassle with encoding. 为什么不尝试用ID替换字符串,这将消除编码带来的所有麻烦。 Create lookup table with region ID, RegionName. 创建具有区域ID RegionName的查找表。 Pass ID to your cookie, and there will be no problem with dangerous requests. 将ID传递到您的Cookie,危险请求不会有任何问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.