如何绕过的Htt prequestValidationException只是一个请求值没有编码的价值? [英] How to bypass HttpRequestValidationException for just one request value without encoding the value?
问题描述
条规定:不能使用base64编码。有人告诉我,以不增加有效载荷高于所需的多,这BASE64就行了。
Stipulation: Cannot use base64 encoding. I've been told to not increase the payload any more than necessary, which base64 will do.
preferred:设置 requestValidationMode 单页到2.0,但的我不认为这是可能的。
Preferred: Setting requestValidationMode for single page to 2.0, but I don't think this is possible.
情景:用户浏览并选择图像。前端将通过抓取图像,<一个href=\"https://developer.mozilla.org/en-US/docs/Web/API/FileReader?redirectlocale=en-US&redirectslug=DOM/FileReader#readAsDataURL%28%29\"相对=nofollow> FileReader.readAsDataUrl(F) ,然后去的base64 code这(让我相当于<一个href=\"https://developer.mozilla.org/en-US/docs/Web/API/FileReader?redirectlocale=en-US&redirectslug=DOM/FileReader#readAsBinaryString%28%29\"相对=nofollow> FileReader.readAsBinaryString(F) ,但不兼容IE10),它通过AJAX发送到我的IHttpHandler。
Scenario: User browses and selects image. Front-end will grab the image using, FileReader.readAsDataUrl(f), then base64 decode it (leaving me with the equivalent of FileReader.readAsBinaryString(f), but isn't IE10 compatible), and send it to my IHttpHandler via AJAX.
目前,这将抛出一个的Htt prequestValidationException ,因为二进制数据包括有潜在危害的字符。这不是一个问题,因为我们的后端将验证数据。如何修复/旁路此厚望的只是这个数据本身?
Currently, this will throw an HttpRequestValidationException, because the binary data includes characters that are potentially harmful. This is not a concern, because our back-end will verify the data. How do I fix/bypass this expection on just this data alone?
推荐答案
这花了一点挖,但这里是答案:
This took a little digging, but here is the answer:
在web.config中,添加:
In web.config, add:
<httpRuntime requestValidationMode="4.5" />
您可以再使用的Htt prequest.Unvalidated属性读取未经验证的形式值:
You can then use the HttpRequest.Unvalidated property to read the unvalidated form value:
var s = context.Request.Unvalidated.Form["forum_post"];
这是在ASP.NET 4.5中的新,并呼吁递延(懒),请求验证。
This is new in ASP.NET 4.5 and called Deferred ("lazy") request validation.
开发经常要求有选择地再翻
关闭请求验证他们的应用程序。例如,如果你的
应用程序是论坛软件,您可能希望允许用户提交
HTML格式的论坛帖子和评论,但仍确保
请求验证正在检查一切。
Developers have frequently asked for the ability to selectively turn off request validation for their applications. For example, if your application is forum software, you might want to allow users to submit HTML-formatted forum posts and comments, but still make sure that request validation is checking everything else.
ASP.NET 4.5引入了两个功能,使您轻松
与未经验证的输入选择工作:延期(懒惰)的要求
验证和访问未经验证的请求数据。
ASP.NET 4.5 introduces two features that make it easy for you to selectively work with unvalidated input: deferred ("lazy") request validation and access to unvalidated request data.
对于一些人,你可能会碰到的问题,我不能说我明白其中的道理,只是通过改变 requestValidationMode 到 4.5 ,它会抛出一个 System.StackOverflowException 。在我的情况下解决这个问题,我只设置请求验证模式,在我的处理程序,像这样在web.config:
For some, you may run into issues, that I cannot say I understand the reason, except that by changing the requestValidationMode to 4.5, it will throw a System.StackOverflowException. To solve this in my situation, I only set the request validation mode on my handler, like so in the web.config:
<location path="~/Handlers/MyHandler.ashx">
<system.web>
<httpRuntime requestValidationMode="4.5" />
</system.web>
</location>
这篇关于如何绕过的Htt prequestValidationException只是一个请求值没有编码的价值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
