从客户端检测到有潜在危险的Request.Form值(textboxError ="<&回应GT;<响应...") [英] A potentially dangerous Request.Form value was detected from the client (textboxError="<Responses><Response...")

查看:264
本文介绍了从客户端检测到有潜在危险的Request.Form值(textboxError ="<&回应GT;<响应...")的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用大关纳克短信网关。我无法给任何短信发送到任何移动。请帮我通过网络发送短信到移动

从客户端(textboxError =检测到有潜在危险的Request.Form值在Page指令或配置节假设置这个值之后,然后你可以通过设置validateRequest =禁用请求验证。然而,强烈建议您的应用程序显式检查所有输入在这种情况下,有关更多信息,请参阅http://go.microsoft.com/fwlink/?LinkId=153133.

异常详细信息:System.Web.Htt prequestValidationException:从客户端检测到有潜在危险的Request.Form值(textboxError =

和我的CS文件是

 使用系统;
使用System.Data这;
使用System.Configuration;
使用的System.Web;
使用System.Web.Security;
使用System.Web.UI程序;
使用System.Web.UI.WebControls;
使用System.Web.UI.WebControls.WebParts;
使用System.Web.UI.HtmlControls;
使用System.Net;
使用System.Text.RegularEx pressions;公共部分类_Default:System.Web.UI.Page
{
    保护无效的Page_Load(对象发件人,EventArgs的发送)
    {
        textboxRecipient.Width = 400;
        textboxMessage.Width = 450;
        textboxMessage.Rows = 10;
        textboxError.Width = 400;
        textboxError.Rows = 5;        textboxError.ForeColor = System.Drawing.Color.Red;
        textboxError.Visible = FALSE;
        textboxError.Text =;        如果(!Page.IsPostBack)
        {
            textboxRecipient.Text =441234567;
            textboxMessage.Text =的Hello World!;
        }
    }    保护无效buttonSendOnClick(对象发件人,EventArgs的发送)
    {
        //需要填写字段:
        如果(textboxRecipient.Text ==)
        {
            textboxError.Text + =收件人(S)字段不能为空\\ n!;
            textboxError.Visible = TRUE;
            返回;
        }        //我们创建必要的URL字符串:
        字符串ozSURL =htt​​p://127.0.0.1; //其中大关NG短信网关运行
        字符串ozSPort =9501; //其中大关NG短信网关的侦听端口号
        字符串ozUser = HttpUtility.UrlEn code(管理); //用户名登录成功
        字符串ozPassw = HttpUtility.UrlEn code(管理); //用户密码
        字符串ozMessageType =短信:TEXT; //消息的类型
        字符串ozRecipients = HttpUtility.UrlEn code(textboxRecipient.Text); //谁就会得到消息
        字符串ozMessageData = HttpUtility.UrlEn code(textboxMessage.Text); //消息体        串createdURL = ozSURL +:+ ozSPort +/ httpapi+
            ?行动=的sendMessage+
            &放大器;用户名=+ ozUser +
            &放大器;密码=+ ozPassw +
            与&为messageType =+ ozMessageType +
            与&收件人=+ ozRecipients +
            与& messageData =+ ozMessageData;        尝试
        {
            //创建请求并通过HTTP连接将数据发送到大关NG短信网关服务器
            HttpWebRequest的myReq =(HttpWebRequest的)WebRequest.Create(createdURL);            //从大关NG短信网关服务器的响应和阅读答案
            HttpWebResponse myResp =(HttpWebResponse)myReq.GetResponse();
            就是System.IO.StreamReader respStreamReader =新就是System.IO.StreamReader(myResp.GetResponseStream());
            字符串responseString = respStreamReader.ReadToEnd();
            respStreamReader.Close();
            myResp.Close();            //通知用户
            textboxError.Text = responseString;
            textboxError.Visible = TRUE;
        }
        赶上(例外)
        {
            //如果发送请求或响应越来越不能成功大关NG短信网关服务器可能不运行
            textboxError.Text =大关NG短信网关服务器没有运行!;
            textboxError.Visible = TRUE;
        }    }
}

和我的ASP页

 <!DOCTYPE HTML PUBLIC -  // W3C // DTD XHTML 1.0过渡// ENhttp://www.w3.org/TR/xhtml1/DTD/ XHTML1-transitional.dtd>< HTML的xmlns =htt​​p://www.w3.org/1999/xhtml>
<头=服务器>
    <标题>吴大关短信网关发送消息和实例LT; /标题>
< /头>
<身体GT;
    <中心及GT;
    <表ID =SMSDATA=服务器>
        < ASP:表ID =smstable=服务器的风格=文本对齐:左;边框宽度:薄;边框颜色:银白色;边框样式=固体>
            < ASP:&的TableRow GT;
                < ASP:TableCell的ColumnSpan =2>
                    < B>撰写消息:LT; / B>
                    < BR />
                    < BR />
                < / ASP:TableCell的>
            < / ASP:&的TableRow GT;
            < ASP:&的TableRow GT;
                < ASP:TableCell的Horizo​​ntalAlign =左VerticalAlign =评出的>
                    < ASP:标签ID =labelRecipient=服务器文本=收件人:>< / ASP:标签>
                < / ASP:TableCell的>
                < ASP:TableCell的>
                    < ASP:文本框ID =textboxRecipient=服务器>< / ASP:文本框>
                < / ASP:TableCell的>
            < / ASP:&的TableRow GT;
            < ASP:&的TableRow GT;
                < ASP:TableCell的Horizo​​ntalAlign =左VerticalAlign =评出的>
                    < ASP:标签ID =labelMessage=服务器文本=消息文本:>< / ASP:标签>
                < / ASP:TableCell的>
                < ASP:TableCell的>
                    < ASP:文本框ID =textboxMessage=服务器的TextMode =多行>< / ASP:文本框>
                < / ASP:TableCell的>
            < / ASP:&的TableRow GT;
            < ASP:&的TableRow GT;
                < ASP:TableCell的ColumnSpan =2Horizo​​ntalAlign =中心>
                    < ASP:按钮的ID =buttonSend=服务器文本=发送信息的OnClick =buttonSendOnClick/>
                < / ASP:TableCell的>
            < / ASP:&的TableRow GT;
            < ASP:&的TableRow GT;
                < ASP:TableCell的ColumnSpan =2Horizo​​ntalAlign =中心>
                    < ASP:文本框ID =textboxError=服务器边框=无的TextMode =多行>< / ASP:文本框>
                < / ASP:TableCell的>
            < / ASP:&的TableRow GT;
        < / ASP:表>
    < /表及GT;
    < /中心及GT;
< /身体GT;
< / HTML>


解决方案

您的问题是,你的领域之一(textboxError)的价值包括XML或HTML风格的标签,在默认情况下是不允许的,以避免开发人员带来潜在的他们的应用程序中的安全问题。

溶液在错误消息给出你需要在无论是在顶部(样品中省略)@Page指令或在web.config中添加 validateRequest =false的

请注意,如果你使用.NET 4中,您需要从2.0回落到验证方式,通过稍微改变web.config中,加入:

 <&的System.Web GT;
    <的httpRuntime requestValidationMode =2.0/>
< /system.web>

请参阅this在requestValidationMode MSDN文章关于requestValidationMode更多信息。

I'm using ozeki ng SMS gateway. I'm unable to send any SMS to any mobile. Please help me to send SMS through net to mobile

A potentially dangerous Request.Form value was detected from the client (textboxError=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (textboxError="

AND my cs file is

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net;
using System.Text.RegularExpressions;

public partial class _Default : System.Web.UI.Page 
{


    protected void Page_Load(object sender, EventArgs e)
    {
        textboxRecipient.Width = 400;
        textboxMessage.Width = 450;
        textboxMessage.Rows = 10;
        textboxError.Width = 400;
        textboxError.Rows = 5;

        textboxError.ForeColor = System.Drawing.Color.Red;
        textboxError.Visible = false;
        textboxError.Text = "";

        if (!Page.IsPostBack)
        {
            textboxRecipient.Text = "+441234567";
            textboxMessage.Text = "Hello World!";
        }
    }

    protected void buttonSendOnClick(object sender, EventArgs e)
    {
        //are required fields filled in:
        if (textboxRecipient.Text == "")
        {
            textboxError.Text += "Recipient(s) field must not be empty!\n";
            textboxError.Visible = true;
            return;
        }

        //we creating the necessary URL string:
        string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running
        string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening
        string ozUser = HttpUtility.UrlEncode("admin"); //username for successful login
        string ozPassw = HttpUtility.UrlEncode("admin"); //user's password
        string ozMessageType = "SMS:TEXT"; //type of message
        string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); //who will get the message
        string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); //body of message

        string createdURL = ozSURL + ":" + ozSPort + "/httpapi" +
            "?action=sendMessage" +
            "&username=" + ozUser +
            "&password=" + ozPassw +
            "&messageType=" + ozMessageType +
            "&recipient=" + ozRecipients +
            "&messageData=" + ozMessageData;

        try
        {
            //Create the request and send data to Ozeki NG SMS Gateway Server by HTTP connection
            HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL);

            //Get response from Ozeki NG SMS Gateway Server and read the answer
            HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();
            System.IO.StreamReader respStreamReader = new System.IO.StreamReader(myResp.GetResponseStream());
            string responseString = respStreamReader.ReadToEnd();
            respStreamReader.Close();
            myResp.Close();

            //inform the user
            textboxError.Text = responseString;
            textboxError.Visible = true;
        }
        catch (Exception)
        {
            //if sending request or getting response is not successful Ozeki NG SMS Gateway Server may do not run
            textboxError.Text = "Ozeki NG SMS Gateway Server is not running!";
            textboxError.Visible = true;
        }

    }
}

and my asp page is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Ozeki NG SMS Gateway Message Sending Example</title>
</head>
<body>
    <center>
    <form id="smsdata" runat="server">
        <asp:Table id="smstable" runat="server" style="text-align:left; border-width:thin; border-color:Silver;" BorderStyle="Solid">
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2">
                    <b>Compose a message:</b>
                    <br />
                    <br />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelRecipient" runat="server" Text="Recipient: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxRecipient" runat="server"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelMessage" runat="server" Text="Message Text: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxMessage" runat="server" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:Button ID="buttonSend" runat="server" Text="Send Message" OnClick="buttonSendOnClick" />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:TextBox ID="textboxError" runat="server" BorderStyle="None" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
        </asp:Table>
    </form>
    </center>
</body>
</html>

解决方案

Your problem is that the value of one of your fields (textboxError) includes XML- or HTML-style tags, which by default are disallowed to avoid developers introducing potential security issues within their applications.

The solution is given in the error message; you need to add validateRequest="false" in either the @Page directive at the top (omitted in your sample) or in web.config.

Note that if you're using .net 4, you need to drop back to the validation mode from 2.0, by altering web.config slightly and adding:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>

See this MSDN article on requestValidationMode for more information on requestValidationMode.

这篇关于从客户端检测到有潜在危险的Request.Form值(textboxError =&QUOT;&LT;&回应GT;&LT;响应...&QUOT;)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆