什么requestValidationMode 2.0和4.0之间的差 [英] What's the difference between requestValidationMode 2.0 and 4.0

问题描述

下面是definations从MSDN，

here are the definations from MSDN,

4.0（默认值）。该型Htt prequest对象在内部设置一个标志，指示，只要任何HTTP请求数据访问请求验证应被触发。这保证了请求期间被访问，如饼干和URL数据之前请求验证被触发。页面元素（如果有的话）的配置文件或@ Page指令中的单个页面的请求验证设置被忽略。

4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.

2.0。请求验证只对网页启用，不是所有的HTTP请求。此外，该网页的元素（如果有的话）在配置文件或在一个单独的页@ Page指令的请求验证设置用于确定要验证的页面的请求。

2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

但我不明白，可以帮忙解释一下呢？

but I don't follow, can some help to explain a little bit?

推荐答案

您可能有一个看的这个

把它看成是从.aspx页，不仅要求被验证了的恶意请求，而不是所有的请求都验证。这可能会导致它打破网站及其功能，如果他们是从2.0升级到4.0

Think of it as that not only request from .aspx pages are validated for malicous requests, rather than all requests are validated. This might result it websites breaking their functionality if they were upgraded from 2.0 to 4.0

说实话，我不知道现在为什么某些请求失败。到目前为止，我只把我的4.0应用程序返回到2.0验证

To be honest, I don't now why certain request fail. So far I've only set my 4.0 apps back to 2.0 validation

<httpRuntime requestValidationMode="2.0" />

这篇关于什么requestValidationMode 2.0和4.0之间的差的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！