requestValidationMode 2.0和4.0之间有什么区别
[英]What's the difference between requestValidationMode 2.0 and 4.0
问题描述
here are the definations from MSDN, 
以下是来自MSDN的定义,
4.0 (the default). 4.0(默认值)。 The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. HttpRequest对象在内部设置一个标志,指示每当访问任何HTTP请求数据时都应触发请求验证。 This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. 这保证了在请求期间访问诸如cookie和URL之类的数据之前触发请求验证。 The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored. 将忽略配置文件中的pages元素(如果有)或单个页面中的@ Page指令的请求验证设置。
2.0. 2.0。 Request validation is enabled only for pages, not for all HTTP requests. 仅对页面启用请求验证,而不是对所有HTTP请求启用。 In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate. 此外,配置文件中的pages元素(如果有)或单个页面中的@ Page指令的请求验证设置用于确定要验证的页面请求。
but I don't follow, can some help to explain a little bit? 但我不遵循,可以帮助解释一下吗?
1 个解决方案
解决方案1
2 已采纳 2011-03-25 07:19:59
You might have a look at this 你可以看看这个
Think of it as that not only request from .aspx pages are validated for malicous requests, rather than all requests are validated. 可以把它想象成,不仅来自.aspx页面的请求被验证用于恶意请求,而不是所有请求都被验证。 This might result it websites breaking their functionality if they were upgraded from 2.0 to 4.0 这可能会导致网站在从2.0升级到4.0时破坏其功能
To be honest, I don't now why certain request fail. 说实话,我现在不知道为什么某些要求失败了。 So far I've only set my 4.0 apps back to 2.0 validation 到目前为止,我只将我的4.0应用程序设置回2.0验证
<httpRuntime requestValidationMode="2.0" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.