ASP.NET 4 URL 限制:为什么 URL 不能包含任何 %3f 字符 [英] ASP.NET 4 URL limitations: why URL cannot contain any %3f characters

问题描述

http://site.com/page%3fcharacter

此 URL 将返回以下错误:

This URL will return the following error:

Illegal characters in path.

我已经把它放在 web.config 中了:

I'm already put this in web.config:

<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
<pages validateRequest="false"> 
...

我该如何解决这个错误?

How can I fix this error?

推荐答案

如果要允许请求通过，需要添加requestPathInvalidCharacters并设置为空字符串:

If you want to allow the request through, you need to add requestPathInvalidCharacters and set it to an empty string:

<system.web>
    <httpRuntime requestPathInvalidCharacters="" />
</system.web>

编辑你应该保留你原来的问题，因为现在我的回答没有意义.

Edit You should leave your original question in place, because now my answer does not make sense.

但是在回答您的第二个问题时，这是因为 %3f 对应于 '?'这在 Windows 上的文件名中是不允许的.您可以将 relaxedUrlToFileSystemMapping 属性设置为 true 以更改此行为:

But in answer to your second question, that it's because %3f corresponds to '?' which is not allowed in file names on Windows. You can set the relaxedUrlToFileSystemMapping property to true to change this behaviour:

<system.web>
    <httpRuntime requestPathInvalidCharacters=""
                 relaxedUrlToFileSystemMapping="true" />
</system.web>

您可能想要查看 HttpRuntimeSection 类，看看是否还有其他可能适用的类.

You might want to look through all of the properties in the HttpRuntimeSection class to see if there's any others that might apply.

您还可以实现RequestValidator<的子类/a> 并设置您的 web.config 以使用您的子类(这可能允许所有 URL 通过?).就个人而言，我不会打扰，只是让内置类处理它.普通用户不太可能意外在路径中输入%3f"，为什么要费心去改进恶意用户的用例?

You can also implement a sub class of RequestValidator and set up your web.config to use your subclass (that will presumably allow all URLs through?). Personally, I wouldn't bother and just let the built-in classes handle it. It's unlikely that a normal user is every going to accidentally type in "%3f" in a path, and why bother going to so much trouble to improve the use-case for malicious users?

顺便说一下，这实际上是 ASP.NET 4 中的一个新功能，这就是 Stack Overflow 不会吐出错误的原因:它在 .NET 3.5 上运行.

This, by the way, is actually a new feature in ASP.NET 4, which is why Stack Overflow doesn't spit out an error: it's running on .NET 3.5.

这篇关于ASP.NET 4 URL 限制:为什么 URL 不能包含任何 %3f 字符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！