从客户端检测到危险的Request.Cookies值 [英] Dangerous Request.Cookies value was detected from the client
问题描述
我处于工作状态,因为我突然开始收到此错误:
System.Web.dll中发生了类型为'System.Web.HttpRequestValidationException'的异常,但未在用户代码中处理
其他信息:从客户端检测到一个潜在危险的Request.Cookies值(CustomerRegionName =Ö").
我知道有关此问题的话题已经很多,并且我已经尝试了所有见过的答案,最常见的是以下情况:
使用httpRuntime requestValidationMode ="2.0"
在您的web.config中(保留该元素上已经拥有的所有属性,如果该元素已经存在的话).ASP.NET4.0否则会忽略ValidateRequest.摘自:此处 >
我正在建立一个网站,其中大多数输入都使用瑞典语,因此为了防止浏览器出现问题,我借助HttpUtility类对所有cookie值进行了编码.
这意味着诸如Örebro"之类的值将被编码为以下内容:%c3%96rebro.
由于某种原因,.net框架认为这是一种危险的价值.
我绝对不知道该怎么做...任何帮助将不胜感激.
为避免此错误,请将您的字符串转换为该字符串的十六进制表示形式.可以使用以下代码完成此操作:
string ConvertedString = BitConverter.ToString(Encoding.Default.GetBytes(YourString));
请注意,此字符串将以-"(即4f-cc-12-ab)成对的十六进制形式.
当您读回它时,使用如下代码将其恢复到原始字符串,假设您将编码后的字符串读回到字符串zBackInHex中:
string zHex =(zBackInHex.Replace(-",");byte [] ba =新字节[zHex.Length/2];//zHex中每两个字符一个字节for(int ZZ = 0; ZZ< ba.Length; ZZ ++){ba [ZZ] = Convert.ToByte(zHex.Substring(ZZ * 2,2),16);}字符串zBackIn = Encoding.ASCII.GetString(ba);//原始字符串
我从另一篇文章中得到了这种方法的想法.我会给予荣誉,但我不记得最初在哪里看到的.
I am in quite the situation here at work as I´m all of a sudden starts getting this error:
An exception of type 'System.Web.HttpRequestValidationException' occurred in System.Web.dll but was not handled in user code
Additional information: A potentially dangerous Request.Cookies value was detected from the client (CustomerRegionName="Ö").
I know that there are several threads about this issue already, and I´ve tried all of the answers I have seen, the most common being the following:
Use
httpRuntime requestValidationMode="2.0"
in your web.config (keeping any attributes you already have on that element, if it's already there). ASP.NET4.0 ignores ValidateRequest otherwise.
Taken from: Here
I am building a website where most input is in Swedish, so to prevent browserproblems I encode all cookie values with the help of HttpUtility class.
That means that A value like "Örebro" will be encoded to something like this: %c3%96rebro.
And for some reason .net framework thinks that this is some kind of dangerous value.
I have absolutely no idea what to do here... Any help would be greatly appreciated.
To avoid this error, convert your string into a hexadecimal representation of the string. This can be done with code like this:
string ConvertedString = BitConverter.ToString(Encoding.Default.GetBytes(YourString));
Note that this string will have the hex separated into pairs with "-" (i.e., 4f-cc-12-ab).
When you read it back, restore it to the original string with code like this, assuming your read the encoded string back into string zBackInHex:
string zHex = (zBackInHex.Replace("-", "");
byte[] ba = new byte[zHex.Length / 2]; //One byte for each two chars in zHex
for(int ZZ = 0; ZZ < ba.Length; ZZ++){
ba[ZZ] = Convert.ToByte(zHex.Substring(ZZ * 2, 2), 16);
}
string zBackIn = Encoding.ASCII.GetString(ba); //The original string
I got the idea for this method from another post. I'd give credit, but I don't remember where I originally saw it.
这篇关于从客户端检测到危险的Request.Cookies值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!