从客户端检测到危险的Request.Cookies值 [英] Dangerous Request.Cookies value was detected from the client

问题描述

我处于工作状态，因为我突然开始收到此错误:

System.Web.dll中发生了类型为'System.Web.HttpRequestValidationException'的异常，但未在用户代码中处理

其他信息:从客户端检测到一个潜在危险的Request.Cookies值(CustomerRegionName =&#214").

我知道有关此问题的话题已经很多，并且我已经尝试了所有见过的答案，最常见的是以下情况:

使用httpRuntime requestValidationMode ="2.0"
在您的web.config中(保留该元素上已经拥有的所有属性，如果该元素已经存在的话).ASP.NET4.0否则会忽略ValidateRequest.摘自:此处

我正在建立一个网站，其中大多数输入都使用瑞典语，因此为了防止浏览器出现问题，我借助HttpUtility类对所有cookie值进行了编码.

这意味着诸如Örebro"之类的值将被编码为以下内容:％c3％96rebro.

由于某种原因，.net框架认为这是一种危险的价值.

我绝对不知道该怎么做...任何帮助将不胜感激.

解决方案

为避免此错误，请将您的字符串转换为该字符串的十六进制表示形式.可以使用以下代码完成此操作:

  string ConvertedString = BitConverter.ToString(Encoding.Default.GetBytes(YourString)); 

请注意，此字符串将以-"(即4f-cc-12-ab)成对的十六进制形式.

当您读回它时，使用如下代码将其恢复到原始字符串，假设您将编码后的字符串读回到字符串zBackInHex中:

  string zHex =(zBackInHex.Replace(-"，");byte [] ba =新字节[zHex.Length/2]；//zHex中每两个字符一个字节for(int ZZ = 0; ZZ< ba.Length; ZZ ++){ba [ZZ] = Convert.ToByte(zHex.Substring(ZZ * 2，2)，16);}字符串zBackIn = Encoding.ASCII.GetString(ba);//原始字符串 

我从另一篇文章中得到了这种方法的想法.我会给予荣誉，但我不记得最初在哪里看到的.

I am in quite the situation here at work as I´m all of a sudden starts getting this error:

An exception of type 'System.Web.HttpRequestValidationException' occurred in System.Web.dll but was not handled in user code

Additional information: A potentially dangerous Request.Cookies value was detected from the client (CustomerRegionName="&#214").

I know that there are several threads about this issue already, and I´ve tried all of the answers I have seen, the most common being the following:

Use httpRuntime requestValidationMode="2.0"
in your web.config (keeping any attributes you already have on that element, if it's already there). ASP.NET4.0 ignores ValidateRequest otherwise. Taken from: Here

I am building a website where most input is in Swedish, so to prevent browserproblems I encode all cookie values with the help of HttpUtility class.

That means that A value like "Örebro" will be encoded to something like this: %c3%96rebro.

And for some reason .net framework thinks that this is some kind of dangerous value.

I have absolutely no idea what to do here... Any help would be greatly appreciated.

解决方案

To avoid this error, convert your string into a hexadecimal representation of the string. This can be done with code like this:

string ConvertedString = BitConverter.ToString(Encoding.Default.GetBytes(YourString));

Note that this string will have the hex separated into pairs with "-" (i.e., 4f-cc-12-ab).

When you read it back, restore it to the original string with code like this, assuming your read the encoded string back into string zBackInHex:

string zHex = (zBackInHex.Replace("-", "");
byte[] ba = new byte[zHex.Length / 2];  //One byte for each two chars in zHex
for(int ZZ = 0; ZZ < ba.Length; ZZ++){
   ba[ZZ] = Convert.ToByte(zHex.Substring(ZZ * 2, 2), 16);
}
string zBackIn = Encoding.ASCII.GetString(ba);  //The original string

I got the idea for this method from another post. I'd give credit, but I don't remember where I originally saw it.

这篇关于从客户端检测到危险的Request.Cookies值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！