requestValidationMode 4.5 VS 2.0 [英] requestValidationMode 4.5 vs 2.0

问题描述

有requestValidationMode =4.5和requestValidationMode =2.0有区别吗？我有一个.NET 4.5的应用程序，有我不想验证，因为用户可以在输入HTML标记的控件：

Is there a difference between requestValidationMode="4.5" and requestValidationMode="2.0"? I have a .net 4.5 application, there is a control which I don't want to validate, as users can enter html tags in:

<asp:TextBox ID="txtTitle" runat="server" ValidateRequestMode="Disabled" />

在我的web.config我有：

in my web.config i have:

<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">...</compilation> 
<httpRuntime targetFramework="4.5" requestValidationMode="2.0"  />

只要将从客户端检测到有潜在危险的Request.Form值... -

最初我已经把requestValidationMode =4.5，但没有工作，我仍然会获得有关标记错误提交表单。但是，如果我将它设置为requestValidationMode =2.0它的工作原理，我能够打pageLoad的和连接code从该字段的值。

initially I have put requestValidationMode="4.5" but that didn't work, I would still get the error about the tags - "A potentially dangerous Request.Form value was detected from the client ..." as soon as would submit the form. However if I set it to requestValidationMode="2.0" it works, i'm able to hit the PageLoad and encode the value from that field.

推荐答案

是这两者之间的差异。任何requestValidationMode指定为4.0或以上将采用4.0方式规定为4.0以下将使用2.0方式的任何requestValidationMode。下面是两个的描述：

Yes there is a difference between the two. Anything requestValidationMode specified as 4.0 or above will use the 4.0 way and any requestValidationMode specified as below 4.0 will use the 2.0 way. Below is a description of the two:

<一个href=\"http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx\">http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx

4.0（默认值）。该型Htt prequest对象在内部设置一个标志，指示，只要任何HTTP请求数据访问请求验证应被触发。这保证了请求期间被访问，如饼干和URL数据之前请求验证被触发。页面元素（如果有的话）的配置文件或@ Page指令中的单个页面的请求验证设置被忽略。

4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.

2.0。请求验证只对网页启用，不是所有的HTTP请求。此外，该网页的元素（如果有的话）在配置文件或在一个单独的页@ Page指令的请求验证设置用于确定要验证的页面的请求。

2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

作为一个说明：还有其他的解决方案，因为你正在使用asp.net 4.5，你可能需要将其看验证在每个控制水平，这样你可以在4.5留在web.config中requestValidationMode财产只有改变它在需要它的控制。
<一href=\"http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx\">http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx

As a note: There are other solutions, since you are using asp.net 4.5 you may want to look it to validating on a per control level, that way you can leave the requestValidationMode property in the web.config at 4.5 and only change it on controls that need it. http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx

这篇关于requestValidationMode 4.5 VS 2.0的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！