从客户端检测到一个潜在危险的Request.Form值(]
可能重复:
从客户端检测到潜在危险的Request.Form值
我收到了错误消息:
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$textboxError=... 在我运行asp.net(C#)Web应用程序之后。 我该怎么解决?
这是我的代码。
using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; using System.Net; using System.Text.RegularExpressions; namespace SMS { public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { textboxRecipient.Width = 400; textboxMessage.Width = 450; textboxMessage.Rows = 10; textboxError.Width = 400; textboxError.Rows = 5; textboxError.ForeColor = System.Drawing.Color.Red; textboxError.Visible = false; textboxError.Text = ""; if (!Page.IsPostBack) { textboxRecipient.Text = "+85593840396"; textboxMessage.Text = "Hello World!"; } } protected void buttonSendOnClick(object sender, EventArgs e) { if (textboxRecipient.Text == "") { textboxError.Text += "Recipient(s) field must not be empty!\n"; textboxError.Visible = true; return; } string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening string ozUser = HttpUtility.UrlEncode("tenh"); //username for successful login string ozPassw = HttpUtility.UrlEncode("tenh123"); //user's password string ozMessageType = "SMS:TEXT"; //type of message string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); string createdURL = ozSURL + ":" + ozSPort + "/httpapi" + "?action=sendMessage" + "&username=" + ozUser + "&password=" + ozPassw + "&messageType=" + ozMessageType + "&recipient=" + ozRecipients + "&messageData=" + ozMessageData; try { HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL); HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse(); System.IO.StreamReader respStreamReader=new System.IO.StreamReader(myResp.GetResponseStream()); string responseString = respStreamReader.ReadToEnd(); respStreamReader.Close(); myResp.Close(); //inform the user textboxError.Text = responseString; textboxError.Visible = true; } catch (Exception) { textboxError.Text = "Ozeki NG SMS Gateway Server is not running!"; textboxError.Visible = true; } } } }
我已将下面的代码添加到我的web.config中:
validateRequest="false" and requestValidationMode="2.0"
不知道为什么validateRequest="false"不起作用。 错误原因:因为您从包含Html标记的网页获取数据,而文本框文本属性不允许为其分配html字符串,因此您必须使用将html标记转换为其等效代码的方法。 在将responseString分配给textboxError.Text时使用HTML.Encode方法。 此方法将可能不安全的字符转换为HTML编码的等效字符。
textboxError.Text = Server.HTMLEncode(responseString);
- 如何将存储过程的多个结果存储到数据集中?
- 当我尝试将数据插入文本框时,System.Data.dll中出现未处理的“System.InvalidOperationException”类型的exceptionexception
- ASP.NET中List 和ListViews的Dictionary
- 使用Context – Entity Framework 4填充DataSet
- SagePay .Net Integration Kit – 返回3dSecureStatus的NOTAVAILABLE值时出错
- 如何将自定义角色添加到ASP.NET Core
- 如何使用ASP.NET从SQL Server显示图像?
- 在我的ASP.NET Codebehind中使用StringBuilder编写HTML是一个好习惯吗?
- 如何仅在第一列的Gridview中使用Rowspan