

[ASP.NET] A workaround for the MVC error "A potentially dangerous Request.Form value was detected from the client"

Posted on 11/25/2016 4:33:35 PM


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (...).]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)



1. The error message itself explains the problem clearly and states the solution:


A potentially dangerous Request.Form value was detected from the client (txtUEditor="<p>a</p>").

Description: Request validation detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of the application, such as a cross-site scripting attack. To allow pages to override the application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. Once this value is set, request validation can be disabled by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, in this case, it is strongly recommended that the application explicitly check all inputs. See http://Go.microsoft.com/fwlink/?LinkId=153133 for more information.

Exception details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtUEditor="<p>a</p>").

2. Another way is to turn request validation off in the pages section of web.config.

This method is too heavy-handed, though: it stops every page in the entire project from validating submitted content, which greatly reduces security.

3. Recommended practice:
Add the attribute [ValidateInput(false)] to the Action. This turns off validation only for submissions to that action and does not affect other pages.




Note: If you read the value with Request.Form["XXX"], the "potentially dangerous value" exception will still be thrown, so be sure to receive the data you want through the controller action's parameters!
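
One way to apply step 3 while still explicitly checking the input, as the error text recommends. This is an added example, not code from the original post: the controller name, the Save action, the length limit and the tag allowlist are assumptions, and txtUEditor is the field name taken from the error message above.

```csharp
using System.Text.RegularExpressions;
using System.Web.Mvc;

public class ArticleController : Controller   // hypothetical controller name
{
    private const int MaxLength = 20000;       // assumed upper bound for one post

    // Illustrative allowlist (an assumption): plain text plus a few bare
    // formatting tags with no attributes. Any other '<' or '>' fails the match,
    // so <script>, event-handler attributes and href/src values are all rejected.
    private static readonly Regex AllowedHtml = new Regex(
        @"\A(?:[^<>]|</?(?:p|br|b|i|em|strong|ul|ol|li)\s*/?>)*\z",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Explicit input check that replaces the framework validation we switch off.
    public static bool IsAcceptableHtml(string html)
    {
        return html != null
            && html.Length <= MaxLength
            && AllowedHtml.IsMatch(html);
    }

    [HttpPost]
    [ValidateInput(false)]   // request validation is skipped for this action only
    public ActionResult Save(string txtUEditor)   // bound by name from the form field
    {
        // Reading Request.Form["txtUEditor"] here would still throw
        // HttpRequestValidationException; only the model-bound parameter
        // is exempted by [ValidateInput(false)].
        if (!IsAcceptableHtml(txtUEditor))
        {
            return new HttpStatusCodeResult(400, "Unsupported markup");
        }

        // The value from the error message, <p>a</p>, passes the check;
        // <p onclick="x">a</p> or <script>...</script> does not.
        // Persisting the content is left out of this example.
        return Content("saved");
    }
}
```

A rich-text editor that emits attributes, links or images needs a real HTML sanitizer library rather than this strict pattern.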



