validaterequest = false和eventvaldation = false与page指令有什么区别? [英] what is the difference between validaterequest=false and eventvaldation=false into page directive?
本文介绍了validaterequest = false和eventvaldation = false与page指令有什么区别?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hii团队,
在页面指令中,validaterequest = false和eventvaldation = false之间有什么区别?
我在google上阅读它但两者都具有相同的功能......如此混乱..如果我们对这个属性使用false,那就好了吗???
Hii Team ,
what is the difference between validaterequest=false and eventvaldation=false into page directive?
I read it on google but both has same functionlity ... so confused .. is it nice if we use false to this attributes.. ??
推荐答案
ValidateRequest :
Indicates whether request validation should occur. If true, request validation checks all input data against a hard-coded list of potentially dangerous values. If a match occurs, an HttpRequestValidationException exception is thrown. The default is true.
This feature is enabled in the machine configuration file (Machine.config). You can disable it in your application configuration file (Web.config) or on the page by setting this attribute to false.
This functionality helps reduce the risk of cross-site scripting attacks for straightforward pages and ASP.NET applications. An application that does not properly validate user input can suffer from many types of malformed input attacks, including cross-site scripting and Microsoft SQL Server injection attacks. There is no substitute for carefully evaluating all forms of input in an application and making sure that they are either properly validated or encoded, or that the application is escaped prior to manipulating data or sending information back to the client.
EnableEventValidation :
Enables validation of events in postback and callback scenarios. true if events are being validated; otherwise, false. The default is true.
Page event validation reduces the risk of unauthorized postback requests and callbacks. When the enableEventValidation property is set to true, ASP.NET allows only the events that can be raised on the control during a postback request or callback. With this model, a control registers its events during rendering and then validates the events during the post-back or callback handling. All event-driven controls in ASP.NET use this feature by default.
It is strongly recommended that you do not disable event validation. Before disabling event validation, you should be sure that no postback could be constructed that would have an unintended effect on your application.
参考:< a href =http://msdn.microsoft.com/en-us/library/vstudio/ydy4x04a%28v=vs.100%29.aspx> checkhere
检查以下链接。
链接 [ ^ ]这将帮助您
check the following link.
link[^] this will helps you
页面.EnableEventValidation :获取或设置一个值,该值指示页面是否验证回发和回调事件。 (参见文档 [< a href =http://msdn.microsoft.com/en-us/library/system.web.ui.page.enableeventvalidation(v=vs.110).aspx\"target =_ blanktitle =New Window > ^ ])
PagesSection.ValidateRequest :获取或设置一个值,该值确定ASP.NET是否检查浏览器中输入的危险值。请参阅(文档 [< a href =http://msdn.microsoft.com/en-us/library/system.web.configuration.pagessection.validaterequest(v=vs.110).aspx\"target =_ blanktitle =New Window > ^ ])
-KR
Page.EnableEventValidation :Gets or sets a value indicating whether the page validates postback and callback events. (see documentation[^])
PagesSection.ValidateRequest :Gets or sets a value that determines whether ASP.NET examines input from the browser for dangerous values. See (documentation[^])
-KR
这篇关于validaterequest = false和eventvaldation = false与page指令有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
