获取“从客户端(&)检测到潜在危险的 Request.Path 值" [英] Getting "A potentially dangerous Request.Path value was detected from the client (&)"

问题描述

我有一个遗留代码问题，需要我支持随机网址，就好像它们是对主页的请求一样.某些 URL 中的字符会生成错误从客户端 (&) 检测到潜在危险的 Request.Path 值".该站点使用 ASP.Net MVC 3(C#)编写，并在 IIS 7.5 上运行.

这是一个示例网址...

http://mywebsite.com/Test123/This_&_That

这是我如何设置所有路由(我有其他路由来捕获特定页面)...

routes.MapRoute("Default",//路由名称"{garb1}/{garb2}",//带参数的 URLnew { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional }//参数默认值);

我已将以下内容添加到我的 web.config 文件中...

<预><代码><配置><system.web><pages validateRequest="false"/><httpRuntime requestValidationMode="2.0"/></system.web><配置>

我还为应该捕获网址的操作添加了 ValidateInput 属性...

public class WebsiteController : Controller{[验证输入(假)]公共 ActionResult 主页(){返回视图()；}}

但我仍然收到错误消息.任何想法为什么?我错过了什么?现在我只是在我的本地开发服务器上运行(我还没有在生产中尝试过这些修复).

解决方案

虽然你可以在配置文件中尝试这些设置

<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0"/><pages validateRequest="false"/></system.web>

我会避免使用像&"这样的字符在 URL 路径中用下划线替换它们.

I've got a legacy code issue that requires that I support random urls as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.

Here's an example URL...

http://mywebsite.com/Test123/This_&_That

Here's how I have my catch-all route setup (I have other routes to catch specific pages)...

routes.MapRoute(
    "Default", // Route name
    "{garb1}/{garb2}", // URL with parameters
    new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults
);

I've added the following things to my web.config file...

<configuration>
    <system.web>
        <pages validateRequest="false" />
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
<configuration>

I've also Added the ValidateInput attribute to the action that should be catching the urls...

public class WebsiteController : Controller
{
    [ValidateInput(false)]
    public ActionResult Home()
    {
        return View();
    }
}

But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).

解决方案

While you could try these settings in config file

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

I would avoid using characters like '&' in URL path replacing them with underscores.

这篇关于获取“从客户端(&amp;)检测到潜在危险的 Request.Path 值"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！