从客户端检测到有潜在危险的Request.Form值( [英] A potentially dangerous Request.Form value was detected from the client (
问题描述
可能重复:结果
<一href=\"http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client\">A可能是从客户端检测到危险的Request.Form值
块引用>我收到错误消息:结果
A可能是从客户端检测到危险的Request.Form值
(ctl00 $ $日程地址搜索Maincontent = textboxError ...结果我跑asp.net后(C#)Web应用程序。我该如何解决?
下面是我的code。
使用系统;
使用System.Data这;
使用System.Configuration;
使用的System.Web;
使用System.Web.Security;
使用System.Web.UI程序;
使用System.Web.UI.WebControls;
使用System.Web.UI.HtmlControls;
使用System.Net;
使用System.Text.RegularEx pressions;命名空间SMS
{
公共部分类_Default:System.Web.UI.Page
{
保护无效的Page_Load(对象发件人,EventArgs的发送)
{
textboxRecipient.Width = 400;
textboxMessage.Width = 450;
textboxMessage.Rows = 10;
textboxError.Width = 400;
textboxError.Rows = 5; textboxError.ForeColor = System.Drawing.Color.Red;
textboxError.Visible = FALSE;
textboxError.Text =; 如果(!Page.IsPostBack)
{
textboxRecipient.Text =85593840396;
textboxMessage.Text =的Hello World!;
}
}
保护无效buttonSendOnClick(对象发件人,EventArgs的发送)
{ 如果(textboxRecipient.Text ==)
{
textboxError.Text + =收件人(S)字段不能为空\\ n!;
textboxError.Visible = TRUE;
返回;
}
字符串ozSURL =http://127.0.0.1; //其中大关NG短信网关运行
字符串ozSPort =9501; //其中大关NG短信网关的侦听端口号
字符串ozUser = HttpUtility.UrlEn code(tenh); //用户名登录成功
字符串ozPassw = HttpUtility.UrlEn code(tenh123); //用户密码
字符串ozMessageType =短信:TEXT; //消息的类型
字符串ozRecipients = HttpUtility.UrlEn code(textboxRecipient.Text);
字符串ozMessageData = HttpUtility.UrlEn code(textboxMessage.Text); 串createdURL = ozSURL +:+ ozSPort +/ httpapi+
?行动=的sendMessage+
&放大器;用户名=+ ozUser +
&放大器;密码=+ ozPassw +
与&amp;为messageType =+ ozMessageType +
与&amp;收件人=+ ozRecipients +
与&amp; messageData =+ ozMessageData; 尝试
{ HttpWebRequest的myReq =(HttpWebRequest的)WebRequest.Create(createdURL);
HttpWebResponse myResp =(HttpWebResponse)myReq.GetResponse();
就是System.IO.StreamReader respStreamReader =新 就是System.IO.StreamReader(myResp.GetResponseStream());
字符串responseString = respStreamReader.ReadToEnd();
respStreamReader.Close();
myResp.Close(); //通知用户
textboxError.Text = responseString;
textboxError.Visible = TRUE;
}
赶上(例外)
{ textboxError.Text =大关NG短信网关服务器没有运行!;
textboxError.Visible = TRUE;
} }
}
}我已经C $ CS下面我的web.config加$:
validateRequest =假和requestValidationMode =2.0
解决方案不知道为什么
validateRequest =false的
不工作。 错误原因:因为你是从一个网页,其中包含HTML标签和文本框文本属性不允许HTML字符串分配给它,所以你必须要使用的HTML标签转换的方法获取数据的相当于code。
使用 HTML.En code 而分配方法responseString
到textboxError.Text
。这种方法潜在的不安全字符转换为它们的HTML-CN codeD等价的。textboxError.Text = Server.HTMLEn code(responseString);
Possible Duplicate:
A potentially dangerous Request.Form value was detected from the clientI got error messages:
A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$textboxError=...
after I run asp.net (C#) web application. how can I fix it?Here is my code.
using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; using System.Net; using System.Text.RegularExpressions; namespace SMS { public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { textboxRecipient.Width = 400; textboxMessage.Width = 450; textboxMessage.Rows = 10; textboxError.Width = 400; textboxError.Rows = 5; textboxError.ForeColor = System.Drawing.Color.Red; textboxError.Visible = false; textboxError.Text = ""; if (!Page.IsPostBack) { textboxRecipient.Text = "+85593840396"; textboxMessage.Text = "Hello World!"; } } protected void buttonSendOnClick(object sender, EventArgs e) { if (textboxRecipient.Text == "") { textboxError.Text += "Recipient(s) field must not be empty!\n"; textboxError.Visible = true; return; } string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening string ozUser = HttpUtility.UrlEncode("tenh"); //username for successful login string ozPassw = HttpUtility.UrlEncode("tenh123"); //user's password string ozMessageType = "SMS:TEXT"; //type of message string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); string createdURL = ozSURL + ":" + ozSPort + "/httpapi" + "?action=sendMessage" + "&username=" + ozUser + "&password=" + ozPassw + "&messageType=" + ozMessageType + "&recipient=" + ozRecipients + "&messageData=" + ozMessageData; try { HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL); HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse(); System.IO.StreamReader respStreamReader=new System.IO.StreamReader(myResp.GetResponseStream()); string responseString = respStreamReader.ReadToEnd(); respStreamReader.Close(); myResp.Close(); //inform the user textboxError.Text = responseString; textboxError.Visible = true; } catch (Exception) { textboxError.Text = "Ozeki NG SMS Gateway Server is not running!"; textboxError.Visible = true; } } } }
I already add codes below to my web.config :
validateRequest="false" and requestValidationMode="2.0"
解决方案Don't know why
validateRequest="false"
is not working. Error Reason: Because you are getting data from a web page which contains Html tags and textbox text property does not allow to assign html strings to it, so you have to use a method which converts html tags to their equivalent code. Use HTML.Encode Method while assigningresponseString
to thetextboxError.Text
. This method converts potentially unsafe characters to their HTML-encoded equivalent.textboxError.Text = Server.HTMLEncode(responseString);
这篇关于从客户端检测到有潜在危险的Request.Form值(的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!