开发者

Change HttpContext.Request.InputStream

I am getting lot of errors for HttpRequestValidationException in my event log.

Is it possible to HTMLEncode all the inputs from override of ProcessRequest on web page. I have tried this but it gives context.Request.InputStream.CanWrite == false always.

Is there any way to HTMLEncode all the feilds when request is made?

public override void ProcessRequest(HttpContext context)
            {
                if (context.Request.InputStream.CanRead)
                {
                    IEnumerator en = HttpContext.Current.Request.Form.GetEnumerator();
                    while (en.MoveNext())
                    {
                        //Response.Write(Server.HtmlEncode(en.Current + " = " +
                        //HttpContext.Current.Request.Form[(string)en.Current]));
                    }

                    long nLen = context.Request.InputStream.Length;
                    if (nLen > 0)
                    {
                        string strInputStream = string.Empty;

                        context.Request.InputStream.Position = 0;
                        byte[] bytes = new byte[nLen];
                        context.Request.InputStream.Read(bytes, 0, Convert.ToInt32(nLen));
                        strInputStream = Encoding.Default.GetString(bytes);
                        if (!string.IsNullOrEmpty(strInputStream))
                        {
                            List<string> stream = strInputStream.Split('&').ToList<string>();
                            Dictionary<int, string> data = new Dictionary<int, string>();
                            if (stream != null && stream.Count > 0)
                            {
                                int index = 0;
                                foreach (string str in stream)
                                {
                                    if (str.Length > 3 && str.Substring(0, 3) == "txt")
                                    {
                                        string textBoxData = str;
                                        string temp = Server.HtmlEncode(str);
                                        //stream[index] = temp;
                                        data.Add(index, temp);
                                        index++;
         开发者_Python百科                           }
                                }

                                if (data.Count > 0)
                                {
                                    List<string> streamNew = stream;
                                    foreach (KeyValuePair<int, string> kvp in data)
                                    {
                                        streamNew[kvp.Key] = kvp.Value;
                                    }

                                    string newStream = string.Join("", streamNew.ToArray());

                                    byte[] bytesNew = Encoding.Default.GetBytes(newStream);

                                    if (context.Request.InputStream.CanWrite)
                                    {

                                        context.Request.InputStream.Flush();
                                        context.Request.InputStream.Position = 0;
                                        context.Request.InputStream.Write(bytesNew, 0, bytesNew.Length);
                                        //Request.InputStream.Close();
                                        //Request.InputStream.Dispose();
                                    }
                                }
                            }
                        }
                    }
                }


                base.ProcessRequest(context);
            }


you have to ser the property validateRequest = false and do the necessary validations over user input manually.

<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜