validateRequest="false" is acting weird
(ASP.NET 4.0 C#)
I have my <httpRuntime requestValidationMode="2.0" /> in the webconfig. And I have my validateRequest="false" in page directories.
On one page, I send some data (html) from a ckeditor (textarea) to a database. Works fine. On another page I fill the ckeditor with data from a database, then I update it (send it back), and I get the famous "A potentially dangerous Request.Form value was detected from the client."
Makes me very confused. The only difference is that on the second page the data gets dynamically inserted into the textarea, where on the first page the textarea is empty on pageload. Am I missing something here? I'm pretty sure encoding/decoding doesn't mean anything, as the framework stops it before I can even start messing with it on the backend.
Okay, I haven't found an answer to why it's behaving the way it is. But I found a very easy and quick way around it (+ new benefits).
There's a guy who made a .net ckeditor control
http://cksource.com/forums/viewtopic.php?f=11&t=15882
There ya go. Works like a charm. No validation errors whatsoever.
Try setting ValidateRequest to false in the page directive? A better option might be to use the Microsoft Anti-Cross Site Scripting Library:
http://msdn.microsoft.com/en-us/library/aa973813.aspx
A similar question was answered here:
What's the difference between requestValidationMode 2.0 and 4.0
It's also possible that either ASP.NET 4.0 is not installed or that the application pool is not set to run under 4.0.
ValidationRequest="false" only applied to .aspx files in prior versions of the framework.
In ASP.NET 4 it is enabled for all requests before the BeginRequest phase of any HTTP request. So request validation applies to requests for all ASP.NET resources such as web service calls and custom HTTP handlers.
To bypass this new mechanism one must create their own RequestValidator and change the web.config to use this custom validator.
http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx
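The custom validator mentioned in the last answer, as an added example that is not part of the original thread or any poster's code. It exempts only one editor field on one page and leaves the built-in check in place for everything else; the class name, namespace, page path and field name are assumptions to replace with your own.

```csharp
using System;
using System.Web;
using System.Web.Util;

// Added example. Register it in web.config (MyApp is an assumed
// namespace and assembly name):
//   <httpRuntime requestValidationType="MyApp.EditorRequestValidator, MyApp" />
namespace MyApp
{
    public class EditorRequestValidator : RequestValidator
    {
        // Hypothetical page and form field that carry the CKEditor HTML.
        private const string EditorPath = "~/EditArticle.aspx";
        // Web Forms prefixes control names (ctl00$Main$EditorBody),
        // so the field is matched on its suffix.
        private const string EditorFieldSuffix = "EditorBody";

        protected override bool IsValidRequestString(
            HttpContext context, string value,
            RequestValidationSource requestValidationSource,
            string collectionKey, out int validationFailureIndex)
        {
            validationFailureIndex = -1;

            bool isEditorField =
                requestValidationSource == RequestValidationSource.Form
                && collectionKey != null
                && collectionKey.EndsWith(EditorFieldSuffix, StringComparison.Ordinal)
                && string.Equals(
                       context.Request.AppRelativeCurrentExecutionFilePath,
                       EditorPath, StringComparison.OrdinalIgnoreCase);

            if (isEditorField)
            {
                // Validation is skipped for this one field only; the HTML
                // still has to be sanitized before it is stored or rendered.
                return true;
            }

            // Query strings, cookies, headers, paths and every other form
            // field keep the framework's default request validation.
            return base.IsValidRequestString(context, value,
                requestValidationSource, collectionKey,
                out validationFailureIndex);
        }
    }
}
```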