在Asp.Net中的Request.Form中设置值 [英] Set Values in Request.Form In Asp.Net

问题描述

先生/妈妈，
任何人请帮助我.
我正在尝试在
中设置值 以下方式，但我遇到了错误
像Collection是只读的.

Sir/Mam,
any body please help me.
I m trying to set value in
following way but i got a error
like Collection is read only.

Request.Form["input"] = a.Details;

任何帮助都会对我有帮助
谢谢

any help will be helpful for me
Thanks

推荐答案

Request.Form集合是只读的东西.您不能直接对其进行修改，但可以使用 reflection API 对其进行修改.

看看下面讨论相同问题的线程:
链接1 [链接2 [ ^ ]

Request.Form collection is read-only thing. You cannot directly modify it but can use reflection API in order to modify it.

Have a look at following threads discussing the same thing:
Link 1[^]
Link 2[^]

该主题已有6个月的历史了，但希望你们也能对我有所帮助.我的情况下，我需要修改Request.Form值以防止受到XSS的攻击.而且，它不是来自文本输入字段的标准用户定义形式变量.

它是由框架生成的变量，例如__VIEWSTATE或__EVENTVALIDATION.如果有人用这些变量之一在POST请求中添加了诸如"fdd21< script> alert(1)</script> 8bc0360a7eb"之类的值，则会执行JavaScript.页面可能会引发错误，但是脚本仍在客户端上执行.

由于某种原因ValidateRequest ="true"在这种情况下无济于事，所以我正在考虑手动检查和更改Request集合.还是有其他方法?

谢谢！

This thread is 6 month old, but hopefully you guys can help me as well. I my case I need to modify Request.Form values to protect from XSS. And no it''s not a standard user-defined form variables that come from text input fields.

It''s variables generated by framework, like __VIEWSTATE or __EVENTVALIDATION. If someone doctors a POST request with value like "fdd21<script>alert(1)</script>8bc0360a7eb" in one of those variables - the JavaScript gets executed. Page may throw an error, but the script is still executing on the client.

For some reason ValidateRequest = "true" does not help in this case, so I am thinking of manually checking and changing Request collection. Or is there other way?

Thanks!

我正在阅读 Insider [ ^ ]的故事，这是我一直都注意到的东西，尤其是以这种形式.

您正在要求一种做某事不可能的方法.让我们回到绘图板上.您要解决的问题是什么?如果您可以与我们分享，我相信您会找到很多解决问题的方法，但是肯定弄不清Request.Form并不是其中一种.

如果您听不懂我说的话，让我给您一个比喻.让我们假设您的好朋友借给您他的汽车或摩托车.你需要去某个地方.您唯一需要担心的是向其中添加汽油/汽油.您会去改变汽车/摩托车的框架吗?不，你不会.明智的做法是，您无需向Request.Form添加任何内容.期间.

I was reading one of the Insider[^] stories and it is something I notice all the time, specially in this forms.

You are asking for a method to do something which is not possible. Let us go back to the drawing board. What is the problem you are tying to solve? If you can share that with us, I am sure you will get many ways of solving it, but definitely messing around with Request.Form is not one of them.

Let me give you an analogy if you did not get what I said. Let us assume your good friend lent you his car or motorcycle. You need to go somewhere. The ONLY thing you need to be concerned is to add a gasoline/petrol to it. Would you go about changing the frame of the car/motorcycle? No you don''t. Like wise you don''t need to add anything to Request.Form. Period.

这篇关于在Asp.Net中的Request.Form中设置值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！