Excepción de validación incluso con ValidateRequest = "false"

I have a textbox in a web form where an admin user can add HTML to be submitted for entry into the database.

In the past, I've always added ValidateRequest="false" de las personas acusadas injustamente llamadas Page when submitting HTML data to avoid validation error. However, with this website, even with ValidateRequest establecido en false, Recibo el siguiente error:

Se detectó un valor de Request.Form potencialmente peligroso del cliente

I've heard this is to do with .NET 4 security, but this is an ASP.NET 3.5 application.

¿Por qué sigo recibiendo este error?

preguntado el 08 de noviembre de 11 a las 15:11

what are you actually posting? -

why dont you encode it ? -

This is webforms right, and not MVC? -

@JamesJohnson Indeed. Retagged. -

@RoyiNamir - Ah didnt think of that! I'll give that a shot. -

2 Respuestas

RequestValidation has significant changes in .Net 4.0.

Take a lot at: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode(VS.100).aspx

To solve your problem you have to set requestValidationMode to a value less than 4.0 in httpRuntime in weh.config like this:

<httpRuntime requestValidationMode="2.0" />

Respondido el 22 de diciembre de 11 a las 20:12

If you are nervous about setting the request validation back to .net 2 - just add a location flag to web config (along with setting ValidateRequestMode="Disabled" on the text box you want to allow special chars in). The location setting in web.config is like this:

  <location path="login.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

See excellent article, and comments, regarding this here: https://weblog.west-wind.com/posts/2010/Aug/19/RequestValidation-Changes-in-ASPNET-40

Respondido 11 Jul 19, 09:07

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.