
ASP.NET MVC Non English URL Request Validation Exception

In my ASP.NET MVC 2 application, I have this encoded image url -

<img src="/Image?Selected_Nme=Mayag%26%23252%3Bez%2C%20PR" />

The uncoded Selected_Nme is "Mayagüez, PR".

I will get an exception error like this -

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (amp;Selected_Nme="Mayag&#252;ez, PR").]

Then I decorated my action in controller with "[ValidateInput(false)]", like this -

[ValidateInput(false)]
[HttpGet]
[OutputCache(CacheProfile = "test")]
public ActionResult Image(string Selected_Nme = "")
{
    ...
}

I still see the same error after this.

What can I do to eliminate the problem?

Thanks,

You need to configure the requestValidationMode:

<system.web>
    ...
    <httpRuntime requestValidationMode="2.0" />
</system.web>

From Request Validation in ASP.NET:

You can disable request validation for an entire application, but doing so is not recommended. The recommendation is to selectively disable request validation only for the virtual paths or specific pages where you want to allow markup.

In either case, you must make two changes in the Web.config file. The first change is to set the requestValidationMode attribute of the httpRuntime element to "2.0". This setting makes request validation occur later in the sequence of request processing events. The setting is required for applications that use ASP.NET 4 and later, because as of ASP.NET 4, request validation takes place earlier in the request life cycle than it did in previous versions of ASP.NET.

One last worthwhile note. Using [ValidateInput(false)] disables validation for all data sent into the method. If you would still like to keep validation in place for any other properties being sent, you can disable the validation on a specific property of a class:

public class SomeModel {
    [AllowHtml]
    public string Selected_Nme { get; set; }

    // this property will still be validated!
    public string PleaseDontXSSMe { get; set; }
}
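
Added example, not part of the original question or answers: the query value in the question URL-decodes to `Mayag&#252;ez, PR`, an HTML entity that was URL-encoded afterwards, and the `&#` sequence is what request validation rejects. This C# console sketch shows that URL-encoding the raw name once produces a value that passes with validation left on; `LooksDangerous` and `BuildImageUrl` are hypothetical names, and the check is a simplified approximation of the framework's rule, not its code.

```csharp
using System;
using System.Net;

static class QueryEncodingDemo
{
    // Simplified stand-in for the request validation rule (assumption, not framework code):
    // flags "&#" and "<" followed by an ASCII letter, '!', '/' or '?'.
    static bool LooksDangerous(string value)
    {
        for (int i = 0; i + 1 < value.Length; i++)
        {
            char c = value[i], next = value[i + 1];
            if (c == '&' && next == '#') return true;
            bool asciiLetter = (next >= 'a' && next <= 'z') || (next >= 'A' && next <= 'Z');
            if (c == '<' && (asciiLetter || next == '!' || next == '/' || next == '?')) return true;
        }
        return false;
    }

    // Hypothetical helper: URL-encode the raw text once, with no HTML entity encoding first.
    static string BuildImageUrl(string name)
    {
        return "/Image?Selected_Nme=" + Uri.EscapeDataString(name);
    }

    static void Main()
    {
        // Query value from the question: an HTML entity that was then URL-encoded.
        string fromQuestion = "Mayag%26%23252%3Bez%2C%20PR";
        string decoded = Uri.UnescapeDataString(fromQuestion); // the value the server validates
        Console.WriteLine(decoded + " -> flagged: " + LooksDangerous(decoded));

        // Recover the raw name, then encode it once as UTF-8 percent-escapes.
        string raw = WebUtility.HtmlDecode(decoded);
        string url = BuildImageUrl(raw);
        string seenByServer = Uri.UnescapeDataString(url.Substring(url.IndexOf('=') + 1));
        Console.WriteLine(url + " -> flagged: " + LooksDangerous(seenByServer));

        // When writing the src attribute, HTML-encode the finished URL, not the value inside it.
        Console.WriteLine("<img src=\"" + WebUtility.HtmlEncode(url) + "\" />");
    }
}
```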
