Request Validation with ASP.Net MVC 5

In the past, I've been accustomed to being able to use request validation as a first line of defense for XSS.

However, I don't seem to be able to get the validation to kick in.

<httpRuntime requestValidationMode="4.5"/>

<configuration>
    <system.web>
        <pages validateRequest="true" />
    </system.web>
</configuration>

Regardless of this configuration, errors are not thrown and validation is not being run. Is there some other global way to enable/disable validation that I am missing?

There are enhancements added to request validation starting with ASP.NET 4.5 that include deferred ("lazy") validation, the ability to opt out at the server control level, and the ability to access unvalidated data. In order to leverage these enhancements you will need to ensure that requestValidationMode has been set to "4.5".

web.config:

<configuration>
  <system.web>
    <httpRuntime requestValidationMode="4.5"/>
  </system.web>
</configuration>

from: https://www.owasp.org/index.php/ASP.NET_Request_Validation
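
The three behaviours named in the answer above (validation on model binding, deferred validation on first read, and explicit access to unvalidated data), shown in an MVC 5 controller. This is an added example, not code from the original question or answer; the controller name and the "body" form field are hypothetical, and it assumes requestValidationMode="4.5" is set inside <system.web> as in the web.config above.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical controller; "body" is an assumed form field name.
public class CommentController : Controller
{
    // Model binding reads "body" through the validated collection, so a value
    // containing markup such as "<b>" raises HttpRequestValidationException
    // before the action body runs.
    [HttpPost]
    public ActionResult Create(string body)
    {
        return Content(HttpUtility.HtmlEncode(body));
    }

    // Deferred validation: with no bound parameters nothing is checked until
    // a value is actually read from the request.
    [HttpPost]
    public ActionResult Lazy()
    {
        try
        {
            // Validation of this one value is triggered by this read.
            string body = Request.Form["body"];
            return Content(HttpUtility.HtmlEncode(body));
        }
        catch (HttpRequestValidationException)
        {
            return new HttpStatusCodeResult(400, "Rejected by request validation");
        }
    }

    // Explicit opt-out: Request.Unvalidated returns the raw value and never
    // throws, so output encoding is the only protection left on this path.
    [HttpPost]
    public ActionResult Raw()
    {
        string raw = Request.Unvalidated.Form["body"];
        return Content(HttpUtility.HtmlEncode(raw));
    }
}
```

A request that is never read through the validated collections (or through model binding) produces no validation error, which is worth checking when validation appears not to run.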
