List of Input Values which will cause the "A potentially dangerous Request.Form value was detected..." error
I know the < and > characters will cause this error, but what other characters/inputs开发者_如何学Go will cause this error?
I'm testing for this error in the Global.asax, and reridrecting to an error page where I want to list all possible values which cause this error, so the user can go back to their page and get rid of them.
I've done some googling, but all I see so far are the < and > characters...surely there are more out there.
Here is the actual complete list of inputs that will cause the error:
<(any a-z character)
<!
</
<?
&#
Note that an angle bracket on it own '<' will not cause an exception.
There is a similar question that has a more complete answer including some code, which is where I derived the list from.
Of course you could always look here for the rest of it if you are concerned.
No, < is not the only character combination that will cause it. &# will cause it as well.
ASP.NET helps protect against script exploits that are disguised as URLs by
checking for potentially dangerous strings, such as "<!", "</", and "<?".
http://msdn.microsoft.com/en-us/library/w1sw53ds.aspx
from: http://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception.aspx
Update: This answer was based on .net 4.0.; for updated tags see https://stackoverflow.com/a/25405146/14753
精彩评论