开发者

List of Input Values which will cause the "A potentially dangerous Request.Form value was detected..." error

I know the < and > characters will cause this error, but what other characters/inputs开发者_如何学Go will cause this error?

I'm testing for this error in the Global.asax, and reridrecting to an error page where I want to list all possible values which cause this error, so the user can go back to their page and get rid of them.

I've done some googling, but all I see so far are the < and > characters...surely there are more out there.


Here is the actual complete list of inputs that will cause the error:

<(any a-z character)  
<!  
</
<?
&#

Note that an angle bracket on it own '<' will not cause an exception.

There is a similar question that has a more complete answer including some code, which is where I derived the list from.

Of course you could always look here for the rest of it if you are concerned.


No, < is not the only character combination that will cause it. &# will cause it as well.


 ASP.NET helps protect against script exploits that are disguised as URLs by
 checking for potentially dangerous strings, such as "<!", "</", and "<?".

http://msdn.microsoft.com/en-us/library/w1sw53ds.aspx

from: http://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception.aspx

Update: This answer was based on .net 4.0.; for updated tags see https://stackoverflow.com/a/25405146/14753

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜