ASP.NET Request Validation Exception Even When Validation Is Disabled
Problem description
I am using ASP.NET MVC 2, .NET 4.0.
I have a controller that disables request validation:
[AcceptVerbs("POST")]
[ValidateInput(false)]
public ActionResult Add(string userId, FormCollection formValues)
{
//...
}
and I still get an HttpRequestValidationException when a POST contains HTML:
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ThisWeek="").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.Mvc.HttpRequestExtensions.GetHttpMethodOverride(HttpRequestBase request)
at System.Web.Mvc.AcceptVerbsAttribute.IsValidForRequest(ControllerContext controllerContext, MethodInfo methodInfo)
at System.Linq.Enumerable.All[TSource](IEnumerable`1 source, Func`2 predicate)
at System.Web.Mvc.ActionMethodSelector.RunSelectionFilters(ControllerContext controllerContext, List`1 methodInfos)
at System.Web.Mvc.ReflectedControllerDescriptor.FindAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.ControllerActionInvoker.FindAction(ControllerContext controllerContext, ControllerDescriptor controllerDescriptor, String actionName)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.MvcHandler.c__DisplayClass8.b__4()
at System.Web.Mvc.Async.AsyncResultWrapper.c__DisplayClass1.b__0()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I need to allow HTML text in the input here as the app is a bug tracking system and people talk about HTML in their bug submissions. I am handling the inputs of this action correctly and appropriately encoding things as they are re-output, so it is reasonable to disable validation for this action.
We recently switched to MVC2 and .NET 4 and this started appearing. From the stack trace, it appears that the validation is happening as part of processing of the new support for HTTP method overrides (making a POST look like a PUT or DELETE by including a specially named hidden input). But I don't know how to tell that subsystem to stop validating the input.
What do I need to do to make this work?
Recommended answer
Add this to the system.web section of your web.config:
<httpRuntime requestValidationMode="2.0" />
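With request validation off for this action, encoding on output is the only XSS control for the submitted text. The sketch below is an added example, not code from the original question or answer: it stores the raw value and HTML-encodes it when rendering. BugController, the List action and the in-memory store are assumptions; ThisWeek is the form field named in the exception above.

```csharp
using System.Collections.Concurrent;
using System.Text;
using System.Web;
using System.Web.Mvc;

// Hypothetical controller name; only the Add signature comes from the question.
public class BugController : Controller
{
    // Constructed in-memory store standing in for the real bug database.
    private static readonly ConcurrentQueue<string> Reports =
        new ConcurrentQueue<string>();

    [AcceptVerbs("POST")]
    [ValidateInput(false)] // raw HTML is accepted for this action only
    public ActionResult Add(string userId, FormCollection formValues)
    {
        // Keep the text exactly as submitted. Stripping or rewriting markup
        // here would corrupt bug reports that legitimately discuss HTML.
        string report = formValues["ThisWeek"] ?? string.Empty;
        Reports.Enqueue(report);
        return RedirectToAction("List");
    }

    // Hypothetical read-side action: every stored value is encoded at the
    // point where it is written into HTML, never earlier.
    public ActionResult List()
    {
        var html = new StringBuilder("<ul>");
        foreach (string report in Reports)
        {
            // "<script>" is emitted as "&lt;script&gt;", so the browser
            // shows the text instead of executing it.
            html.Append("<li>")
                .Append(HttpUtility.HtmlEncode(report))
                .Append("</li>");
        }
        html.Append("</ul>");
        return Content(html.ToString(), "text/html");
    }
}
```

In an .aspx view on .NET 4 the same encoding is applied by writing the value with the <%: %> syntax rather than <%= %>.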