Change HttpContext.Request.InputStream
I am getting lot of errors for HttpRequestValidationException in my event log.
Is it possible to HTMLEncode all the inputs from override of ProcessRequest on web page. I have tried this but it gives context.Request.InputStream.CanWrite == false always.
Is there any way to HTMLEncode all the feilds when request is made?
public override void ProcessRequest(HttpContext context)
{
if (context.Request.InputStream.CanRead)
{
IEnumerator en = HttpContext.Current.Request.Form.GetEnumerator();
while (en.MoveNext())
{
//Response.Write(Server.HtmlEncode(en.Current + " = " +
//HttpContext.Current.Request.Form[(string)en.Current]));
}
long nLen = context.Request.InputStream.Length;
if (nLen > 0)
{
string strInputStream = string.Empty;
context.Request.InputStream.Position = 0;
byte[] bytes = new byte[nLen];
context.Request.InputStream.Read(bytes, 0, Convert.ToInt32(nLen));
strInputStream = Encoding.Default.GetString(bytes);
if (!string.IsNullOrEmpty(strInputStream))
{
List<string> stream = strInputStream.Split('&').ToList<string>();
Dictionary<int, string> data = new Dictionary<int, string>();
if (stream != null && stream.Count > 0)
{
int index = 0;
foreach (string str in stream)
{
if (str.Length > 3 && str.Substring(0, 3) == "txt")
{
string textBoxData = str;
string temp = Server.HtmlEncode(str);
//stream[index] = temp;
data.Add(index, temp);
index++;
开发者_Python百科 }
}
if (data.Count > 0)
{
List<string> streamNew = stream;
foreach (KeyValuePair<int, string> kvp in data)
{
streamNew[kvp.Key] = kvp.Value;
}
string newStream = string.Join("", streamNew.ToArray());
byte[] bytesNew = Encoding.Default.GetBytes(newStream);
if (context.Request.InputStream.CanWrite)
{
context.Request.InputStream.Flush();
context.Request.InputStream.Position = 0;
context.Request.InputStream.Write(bytesNew, 0, bytesNew.Length);
//Request.InputStream.Close();
//Request.InputStream.Dispose();
}
}
}
}
}
}
base.ProcessRequest(context);
}
you have to ser the property validateRequest = false and do the necessary validations over user input manually.
<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>
精彩评论