Asp.Net MVC输入验证被禁用后，仍然射击 [英] Asp.Net MVC Input Validation still firing after being disabled

问题描述

我已经停用​​ validateRequest 在我的web.config，但应用程序仍触发错误：

  

从客户端检测到有潜在危险的Request.Form值

我有在我的web.config以下

 ＆LT;的httpRuntime requestValidationMode =2.0/＆GT;
    ＆所述;网页validateRequest =假＆GT;
 

我也试过在我的控制器以下无济于事

 ＆LT; ValidateInput（假）＆GT; _
＆LT; AcceptVerbs（HttpVerbs.Post）GT; _
功能编辑（BYVAL用户作为Domain.User，BYVAL ID作为整数）作为的ActionResult
 

解决方案

答发现
<一href=\"http://stackoverflow.com/questions/807662/why-is-validateinputfalse-not-working\">http://stackoverflow.com/questions/807662/why-is-validateinputfalse-not-working

您必须设置ValidInput的在控制器和在web.config中。

 ＆LT;的httpRuntime requestValidationMode =2.0/＆GT;
 

I've disabled validateRequest in my web.Config, but the app is still firing the error:

A potentially dangerous Request.Form value was detected from the client

I've got the following in my web.Config

    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false">

I've also tried the following in my controller to no avail

<ValidateInput(False)> _
<AcceptVerbs(HttpVerbs.Post)> _
Function Edit(ByVal user As Domain.User, ByVal id As Integer) As ActionResult

解决方案

Answer found http://stackoverflow.com/questions/807662/why-is-validateinputfalse-not-working

You have to set the ValidInput in the Controller AND in the web.Config.

    <httpRuntime requestValidationMode="2.0"/>

这篇关于Asp.Net MVC输入验证被禁用后，仍然射击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！