ASP.NET 4 URL限制:为什么URL不能包含任何%3f字符 [英] ASP.NET 4 URL limitations: why URL cannot contain any %3f characters
问题描述
http://site.com/page%3fcharacter
此URL将返回以下错误:
This URL will return the following error:
Illegal characters in path.
我已经把它放在web.config中了
I'm already put this in web.config:
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
<pages validateRequest="false">
...
如何解决此错误?
推荐答案
如果要允许请求通过,则需要添加requestPathInvalidCharacters并将其设置为空字符串:
If you want to allow the request through, you need to add requestPathInvalidCharacters and set it to an empty string:
<system.web>
<httpRuntime requestPathInvalidCharacters="" />
</system.web>
编辑,您应该保留原始问题,因为现在我的答案没有意义了.
Edit You should leave your original question in place, because now my answer does not make sense.
但是在回答您的第二个问题时,这是因为%3f对应于'?' Windows上的文件名中不允许使用.您可以将relaxedUrlToFileSystemMapping属性设置为true来更改此行为:
But in answer to your second question, that it's because %3f corresponds to '?' which is not allowed in file names on Windows. You can set the relaxedUrlToFileSystemMapping property to true to change this behaviour:
<system.web>
<httpRuntime requestPathInvalidCharacters=""
relaxedUrlToFileSystemMapping="true" />
</system.web>
You might want to look through all of the properties in the HttpRuntimeSection class to see if there's any others that might apply.
您还可以实现 RequestValidator 并设置您的web.config以使用您的子类(大概将允许所有URL通过?).就个人而言,我不会打扰,只是让内置类处理它.普通用户不太可能会在路径中每次都偶然键入%3f",为什么要花这么多麻烦来改善恶意用户的用例呢?
You can also implement a sub class of RequestValidator and set up your web.config to use your subclass (that will presumably allow all URLs through?). Personally, I wouldn't bother and just let the built-in classes handle it. It's unlikely that a normal user is every going to accidentally type in "%3f" in a path, and why bother going to so much trouble to improve the use-case for malicious users?
顺便说一下,这实际上是ASP.NET 4的一项新功能,这就是为什么Stack Overflow不会吐出错误的原因:它在.NET 3.5上运行.
This, by the way, is actually a new feature in ASP.NET 4, which is why Stack Overflow doesn't spit out an error: it's running on .NET 3.5.
这篇关于ASP.NET 4 URL限制:为什么URL不能包含任何%3f字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
