
Potentially dangerous Request.Form value was detected from the client (innerHTML)

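I have a page that renders a table from a hidden field value when document ready runs.

The hidden field value, which is filled in code on page load, is: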

<div 
    onclick="GetIcon(this)" style="cursor:pointer;" 
    URL=~\App_Images\Gallery\MapIcons\administrativeboundary.png >

    <img 
        src=../App_Images/Gallery/MapIcons/administrativeboundary.png 
        title="administrativeboundary"/>
</div>
#
<div 
    onclick="GetIcon(this)" 
    style="cursor:pointer;" 
    URL=~\App_Images\Gallery\MapIcons\administrativeboundary.png >

    <img src=../App_Images/Gallery/MapIcons/administrativeboundary.png 
        title="administrativeboundary"/>
</div>#

My functions on page load are:

$(document).ready(function() {
    RendertblConstantsColumns('tbl_Gallery', 5, 'GColumn');
    RenderGalleryTable();
});

// Adds one row with ColumnNo cells (ids GColumn0..GColumn4) to the table.
function RendertblConstantsColumns(tblid, ColumnNo, Columnid) {
    var tblConstants = document.getElementById(tblid);
    var tr = document.createElement('tr');
    tblConstants.appendChild(tr);
    for (var i = 0; i < ColumnNo; i++) {
        var td = document.createElement('td');
        td.setAttribute('style', 'text-align: right');
        td.setAttribute('id', Columnid + i.toString());
        // Cells belong to the row, not directly to the table.
        tr.appendChild(td);
    }
}

// Splits the hidden field value on '#' and spreads the fragments over the columns.
function RenderGalleryTable() {
    var Gallery = document.getElementById("<%=hdnGallery.ClientID%>");
    var Images = Gallery.value.split('#');

    // The value ends with '#', so the last split element is empty and is skipped.
    for (var i = 0; i < Images.length - 1; i++) {
        var Mode = i % 5;
        var Column = document.getElementById('GColumn' + Mode.toString());
        Column.innerHTML += Images[i];
    }
}

I set ValidateRequest="false" and EnableEventValidation="false" on this page, but when I run the page, this error message is shown:

potentially dangerous request.form value was detected from the client

My stack trace is:

at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_Item(String key)
   at ASP.global_asax.Application_PreRequestHandlerExecute(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Edit: I fill the hidden field on the server like this:

string HTML = "";
HTML += "<div onclick=\"GetIcon(this)\" style=\"cursor:pointer;\"" + " URL=" + URL + " ><img " + "src=../App_Images/Gallery/MapIcons/" + ImageName + " " + "title=\"" + ImageName.Split('.')[0] + "\"" + "/></div>#";

hdnGallery.Value = HTML;

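Usually, the solution is to HTML-encode the harmful data that is being sent to the server.

Since the error occurs at run time, try to identify the line of code that may be triggering the JavaScript to fire the error.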

Please make the necessary setting in the web.config file:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>
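One way to follow the encoding advice above without posting markup back to the server, as an added example that is not part of the original post or its answers. It assumes the server writes the gallery into the hidden field as JSON; the `url`/`file` property names and the second sample entry are constructed, and `wouldTripValidation` is a rough stand-in for the server-side check, not ASP.NET's own code.

```javascript
// Added example. Assumption: hdnGallery holds JSON data, not ready-made <div> markup.

// Constructed sample of the hidden field value under that assumption.
const SAMPLE_FIELD = JSON.stringify([
  { url: "~\\App_Images\\Gallery\\MapIcons\\administrativeboundary.png",
    file: "administrativeboundary.png" },
  { url: "~\\App_Images\\Gallery\\MapIcons\\airport.png", file: "airport.png" }
]);

// Rough stand-in for the server's request validation (assumption: it rejects
// "<" followed by a letter, "!", "/" or "?", and the sequence "&#").
function wouldTripValidation(value) {
  return /<[A-Za-z!\/?]|&#/.test(value);
}

// Encode text for use inside a double-quoted HTML attribute.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse the field and reject anything that is not a list of {url, file} strings.
function parseGallery(fieldValue) {
  const items = JSON.parse(fieldValue);
  if (!Array.isArray(items)) throw new TypeError("gallery must be an array");
  return items.map(({ url, file }) => {
    if (typeof url !== "string" || typeof file !== "string") {
      throw new TypeError("each item needs string url and file");
    }
    return { url, file };
  });
}

// Build the same <div><img></div> cell as the post, with every value escaped.
function renderIcon(item) {
  const title = item.file.split(".")[0];
  return '<div onclick="GetIcon(this)" style="cursor:pointer;" URL="' +
    escapeHtml(item.url) + '"><img src="../App_Images/Gallery/MapIcons/' +
    escapeHtml(item.file) + '" title="' + escapeHtml(title) + '"/></div>';
}

// Same i % 5 distribution as RenderGalleryTable, one markup string per column.
function renderColumns(fieldValue, columnCount) {
  const columns = Array.from({ length: columnCount }, () => "");
  parseGallery(fieldValue).forEach((item, i) => {
    columns[i % columnCount] += renderIcon(item);
  });
  return columns;
}
```

In the page, each returned string would be assigned to the matching `GColumn` cell; the field value that travels back on postback is then plain data with no tag-like sequences.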
