潜在危险的要求 [英] Potentially dangerous request

问题描述

我创建了一个网页，用户可以在其中填写他的详细信息。点击按钮后，用户被重定向到另一个页面。假设用户在地址中输入包含'<'或'>'的内容我正用它的htmlencode更改它字符通过javascript onclientclick按钮事件，以避免错误'潜在危险的请求'。并再次点击按钮事件，将htmlencode字符替换为'<'或'>'。当用户使用浏览器的后退按钮时。他会看到html编码字符不是'<'或'>'。为什么会发生这种情况，我已经改为'<'？。如何处理？我正在使用内容页面？

I created web page where user can fill his detail.After clicking on button,user is redirected to another page.Suppose user enter something in address which include '<' or '>'I am changing it with it's htmlencode character through javascript onclientclick event of button to avoid error 'potentially dangerous Request'. and onclick event of button again,replacing htmlencode character to '<' or '>'.When user use browser's back button.He will see html encode character not '<' or '>'.Why this is happening,I already changed to '<' ?.How to handle this?I am using content page?

推荐答案

正如F-ES Sitecore建议：



而不是使用JavaScript更改用户输入（这是不安全的 - 如果他们禁用了JavaScript会怎么样？） - 你最好在PostBack之后在代码中对它进行清理（并设置ValiodateRequest =页面指​​令中的False以避免潜在危险请求错误。）



如果您希望人们能够输入有角度的括号，则禁用验证但是注意这意味着什么。虽然不是在代码隐藏中转换文本，但最好保持原样并在显示时对其进行编码。这样人们仍然可以编辑数据，它将完全按照输入的方式显示。

As F-ES Sitecore suggests:

Rather than changing the user input using JavaScript (which is unsafe - what if they have JavaScript disabled?) - you'd do better to sanitise it in code after PostBack (and set ValiodateRequest="False" in the page directive to avoid the 'potentially dangerous Request' error).

If you want people to be able to enter angled brackets then disable validation but be mindful of what this means. Although rather than converting the text in code-behind, it might be better to leave it as it is and encode it when you display it. That way people can still "edit" the data and it will appear exactly as they entered it.

这篇关于潜在危险的要求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！