堆栈内存溢出
  简体   繁体   English

根据内部宽度显示脚本-没有“潜在危险的request.form”

[英]Show script depending on innerwidth - without “potentially dangerous request.form”

 原文  2012-11-14 08:25:55       javascript/ jquery/ asp.net/ xss/ validate-request

问题描述

What I want: 我想要的是:

I have a situation where I want to show affiliate ads on my website. 我有一种情况想要在我的网站上显示会员广告。 These are basically javascripts, with content within them. 这些基本上是javascript,其中包含内容。 As my site has a responsive design, I want to load different ads depending on the jQuery innerwidth property. 由于我的网站采用自适应设计,因此我想根据jQuery innerwidth属性加载不同的广告。 So summed up: I want to load different javascripts depending on the innerwidth property. 综上所述:我想根据innerwidth属性加载不同的javascript。

What I have done: 我做了什么:

I load two different javascripts in hiddenfields, and depending on the innerwidth, I show either one with the div.html() command. 我在hiddenfields中加载了两种不同的javascript,并且根据内部宽度,我使用div.html()命令显示了其中一种。 However, this gives the "potentially dangerous request.form" error when the user submits a post (ASP.NET defence of XSS), as the content loaded has dangerious characthers, which makes sense. 但是,当用户提交帖子(XSS的ASP.NET防御)时,这会产生“潜在危险的request.form”错误,因为加载的内容具有危险的特征,这是有道理的。

I could say "ValidateRequest=false" on all pages, but that's a horrible solution which would open a lot of security problems. 我可以在所有页面上说“ ValidateRequest = false”,但这是一个可怕的解决方案,将带来很多安全问题。

My thoughts... 我的想法...

The best way would be to load the ads from the server-side, but we don't know the browser width here. 最好的方法是从服务器端加载广告,但是我们不知道这里的浏览器宽度。 From what I've been able to read, it seems hard / impossible to get the innerwidth value at page_load. 根据我的理解,似乎很难/不可能在page_load中获取innerwidth值。

But I would like to load my ads without making a potentially dangerious request. 但是,我希望在不提出潜在危险请求的情况下加载广告。

Any ideas on how to solve this? 关于如何解决这个问题的任何想法?

1 个解决方案

解决方案1
 0 已采纳  2012-11-16 10:10:46

The solution I ended up with, was to set the HTML of to invisible divs, DivA and DivB, at Page_Load. 我最终得到的解决方案是在Page_Load处将HTML的HTML设置为不可见的div,DivA和DivB。

Then, in JavaScript, depending on the innerwidth property (and on the resize event), I could set the divs to visible/invisible. 然后,在JavaScript中,根据innerwidth属性(以及resize事件),我可以将div设置为可见/不可见。

Very simple solution, compared to what I was trying to do. 与我尝试做的相比,非常简单的解决方案。 Yes, it gives a little bit more rendered HTML, but at least it works and it's fast. 是的,它提供了更多呈现的HTML,但至少它可以运行而且速度很快。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从客户端innerhtml中检测到潜在危险的request.form值 - potentially dangerous request.form value was detected from the client innerhtml 使用JavaScript删除危险数据后,潜在的危险Request.Form值 - A potentially dangerous Request.Form value after removing dangerous data with JavaScript 从客户端检测到潜在危险的Request.Form值,请编码帮助 - A potentially dangerous Request.Form value was detected from the client, encoding help please asp.net mvc的客户端验证“一个有潜在危险的Request.Form ...... - client side validation for asp.net mvc “A potentially dangerous Request.Form… 一个潜在危险的Request.QueryString —如何在不关闭安全功能的情况下进行预防 - A potentially dangerous Request.QueryString — How to prevent without turning off safety features 如何在脚本标签中获取Request.Form? - How to get the Request.Form within a script tag? 带有Request.Form的JScript数组 - JScript array with Request.Form Flask Ajax request.form - Flask Ajax request.form 从客户端(:)检测到潜在危险的Request.Path值 - A potentially dangerous Request.Path value was detected from the client (:) ASP.NET潜在危险请求Javascript正则表达式 - ASP.NET potentially Dangerous Request Javascript Regex
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM