stackoom
  简体   繁体   中英

ValidateInput Attribute Doesn't Seem To Work in ASP.NET MVC

 原文  2009-09-22 17:06:27       asp.net/ asp.net-mvc

Question

I'm trying to get around the "potentially dangerous Request.Form value" error and I'm having no luck. Yes, yes, I've read all the other StackOverflow related questions and none of them seem to get me closer to an answer. I am using [ValidateInput(false)] on all related controller actions...and I've checked many times. I'm using ValidateRequest='false' in all the related ASPX views.

I am using ASP.NET MVC 2 Preview 1, but I don't think that's an issue since the error is being generated lower in the framework; Page.ProcessRequest to be exact. I can't see anything I'm doing wrong, I even set <page validateRequest='false'> in the web.config and that didn't solve it either.

4 answers

solution1
 32  2010-04-20 03:43:53

With asp.net 4, you'll need to configure the validation mode in the web.config as well.

Set the following as a child of the <system.web> element: 

<httpRuntime requestValidationMode="2.0"/>

Asp.Net 4 sets the requestValidationMode to 4.0 by default, which tells the system to perform request validation before the BeginRequst phase of the HTTP request. The validation will occur before the system reaches the action attribute telling it not to validate the request, thus rendering the attribute useless. Setting requestValidationMode="2.0" will revert to the asp.net 2.0 request validation behavior, allowing the ValidateInput attribute to work as expected.

(thanks Jim - upvotes belong here )

solution2
 7  2009-09-22 17:20:19

Well...answered my own problem...the culprit: Html.RenderAction<T> . If there are any calls to other actions in the request context (eg from the Master Page or child partials) these actions also need to have [ValidateInput(false)] set appropriately. This seems like a bit of a problem though with MVC or the way the Page object works in ASP.NET as this is a really obfuscated bug to find.

solution3
 1  2010-05-07 07:52:55

您必须将该属性添加到请求期间调用的每个控制器操作,即检查所有部分请求。

solution4
 0  2010-12-08 09:18:03

Please note that these suggestions will not fix the problems caused by a bug that occurs when you have to use [ValidateInput(false)] in combination with a FormCollection.

See: ASP.NET MVC 3 ValidateRequest(false) not working with FormCollection

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ValidateInput(false) doesn't seem to work when running under IIS API Controller added to ASP.NET MVC web application doesn't seem to work slidingExpiration doesn't seem with work with ASP.NET MVC APIs when working with SPAs ASP.NET MVC membership doesn't seem to work if user know direct url ASP.NET MVC2 on .NET 4.0: is [ValidateInput(false)] enough? asp.net 4 custom request validator doesn't seem to work ASP.NET MVC Remote Attribute doesn't work in bootstrap modal ASP.NET MVC Route Doesn't Work With .html Extension mvc asp.net: webgrid paging doesn't work ASP.NET 5 MVC 6 - Ajax doesn't work in <a> element
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM