什么是避开在asp.net中一个“潜在危险的请求”错误的最好方法? [英] What's the best way to get round a 'Potentially Dangerous Request' error in asp.net?
问题描述
我目前正在对了,在结账的项目,一个选项,以嵌入的YouTube视频连接到一个广告。
The project I am currently working on has, in the checkout, an option to attach an embedded YouTube video to an advert.
这是造成头痛:
我原来的计划是采取嵌入HTML用户从YouTube提供并打出VIDEOID,并且只存储,拒绝任何不符合一定的模式,以确保没有狡猾的生意。
My original plan was to take the embed html that the user provides from YouTube and split out the videoID, and store only that, rejecting anything that does not fit a certain pattern, to ensure there's no dodgy business.
不幸的是,ASP.net验证捕HTML之前被发回给我处理,有没有什么办法的除关闭验证的来解决这个问题?
Unfortunately, the ASP.net validation is catching the html before it gets sent back to me for processing, is there any way other than turning off validation to get around this?
我可以处理不安全的HTML自己,还有在页面上太多其他的控制来证明关闭验证。
I can deal with the unsecure html myself, and there are too many other controls on the page to justify turning off validation.
推荐答案
关闭ValidateRequest标志是允许.NET接受数据的唯一途径。
Turning off the ValidateRequest flag is the only way to allow for .net to accept the data.
第一种选择是使用JavaScript来恩code输入,在页面后的EN codeD数据,而不是原始的HTML。
One alternative may be to use javascript to encode the input and have the page post the encoded data instead of the raw html.
另一种方法是有一个空白页面,你的控制和主网页的iframe中的提交按钮。这样,你只需要关闭验证了该网页,因此该控件。样式可以是一个问题虽然这里。
Another alternative is to have a blank page with your control and a "submit" button within an iframe on the main page. That way you only need to turn off validation for that page and therefore that control. Styling can be an issue here though.
这篇关于什么是避开在asp.net中一个“潜在危险的请求”错误的最好方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
