从客户端检测到有潜在危险的Request的价值 [英] A potentially dangerous Request.Path value was detected from the client
问题描述
我在为什么我得到这个错误完全丧失。这个错误的典型原因有尝试提交HTML标记为一个文本字符串或类似的东西,但我没有做这样的事情要做。我认为这是发生在该网页接受一个简单的电子邮件地址。
I am at a complete loss for why I am getting this error. The typical cause of this error has to do with trying to submit HTML markup into a text string or something similar but I'm not doing anything like that. The page I think this is happening on takes in a simple email address.
下面是我的模型验证...
Here is my model with validation...
public class Subscriber
{
[Key]
[DisplayName("Email Address")]
[Required(ErrorMessage = "{0} is required")]
[RegularExpression(@"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})$", ErrorMessage = "{0} must be a valid email address")]
public string EmailAddress { get; set; }
public Guid UnsubscribeKey { get; set; }
}
下面是我的脚本引用,因为这个错误似乎是在脚本目录...
Here are my script references because the error seems to be in the Scripts directory...
<script src="@Url.Content("~/Scripts/jquery-1.5.2.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.unobtrusive-ajax.min.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/modernizr-1.7.min.js")" type="text/javascript"></script>
我最好的猜测是有人在恶意输入一些无效的脚本到电子邮件地址,但我没有看到在ELMAH或$ C $输入csmith洞察指向我的任何code中的任何错误。我甚至不能弄清楚究竟哪里发生这种情况。
My best guess is that someone is maliciously entering some invalid script into the email address but I'm not seeing any errors in Elmah or CodeSmith Insight that points to any of my code. I can't even figure out where exactly this is happening.
和这里的错误...
从客户端(:)检测到有潜在危险的Request的价值。 (/NewsList/Scripts/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g)
System.Web.HttpException(0X80004005):从客户端(:)中检测到有潜在危险的Request的价值。
在System.Web.Htt prequest.ValidateInputIfRequiredByConfig()
在System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext的背景下)
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
在System.Web.Htt prequest.ValidateInputIfRequiredByConfig()
在System.Web.HttpApplication + PipelineStepManager.ValidateHelper(HttpContext的背景下)
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication+PipelineStepManager.ValidateHelper(HttpContext context)
路径中具有非法字符。
System.ArgumentException:路径中具有非法字符。
在System.IO.Path.CheckInvalidPathChars(字符串路径)
在System.Security.Permissions.FileIOPermission.HasIllegalCharacters(字符串[] STR)
在System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess访问,AccessControlActions控制的String [] pathListOrig,布尔checkForDuplicates,布尔needFullPath,布尔copyPathList)
在System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess访问,字符串路径)
在System.Web.InternalSecurityPermissions.PathDiscovery(字符串路径)
在System.Web.Htt prequest.get_PhysicalPath()
在WebsitePanel.IIsModules.SecureFolders.context_OnEnter(对象发件人,EventArgs的发送)
在System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
在System.Web.HttpApplication.ExecuteStep(IExecutionStep一步,布尔和放大器; completedSynchronously)
System.ArgumentException: Illegal characters in path. at System.IO.Path.CheckInvalidPathChars(String path) at System.Security.Permissions.FileIOPermission.HasIllegalCharacters(String[] str) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String path) at System.Web.InternalSecurityPermissions.PathDiscovery(String path) at System.Web.HttpRequest.get_PhysicalPath() at WebsitePanel.IIsModules.SecureFolders.context_OnEnter(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
在System.IO.Path.CheckInvalidPathChars(字符串路径)
在System.Security.Permissions.FileIOPermission.HasIllegalCharacters(字符串[] STR)
在System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess访问,AccessControlActions控制的String [] pathListOrig,布尔checkForDuplicates,布尔needFullPath,布尔copyPathList)
在System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess访问,字符串路径)
在System.Web.InternalSecurityPermissions.PathDiscovery(字符串路径)
在System.Web.Htt prequest.get_PhysicalPath()
在WebsitePanel.IIsModules.SecureFolders.context_OnEnter(对象发件人,EventArgs的发送)
在System.Web.HttpApplication+SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
在System.Web.HttpApplication.ExecuteStep(IExecutionStep一步,布尔和放大器; completedSynchronously)
at System.IO.Path.CheckInvalidPathChars(String path) at System.Security.Permissions.FileIOPermission.HasIllegalCharacters(String[] str) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String path) at System.Web.InternalSecurityPermissions.PathDiscovery(String path) at System.Web.HttpRequest.get_PhysicalPath() at WebsitePanel.IIsModules.SecureFolders.context_OnEnter(Object sender, EventArgs e) at System.Web.HttpApplication+SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
更新 - 得到解决
货架我的大脑更多关于这个之后,我看到了WebsitePanel.IIsModules.SecureFolders中的堆栈跟踪和震动我的记忆中。我记得看到一些关于我的托管服务提供商的安全文件夹。此功能是埋在他们的控制面板,其将根据该方法是有意义的。我给他们,并要求他们禁止模块。所以我怀疑这是它不是发生了几天。
UPDATE - POSSIBLE RESOLVED After racking my brain more on this I saw "WebsitePanel.IIsModules.SecureFolders" in the stack trace and that jarred my memory. I remember seeing something about secure folders on my hosting provider. This feature is buried in their control panel which would make sense based on the method. I emailed them and asked them to disable the module. It hasn't occurred for a few days so I suspect that was it.
推荐答案
作为异常说,有在请求路径非法字符,更具体的冒号也不行(:) =有潜在危险的Request的价值从客户端(:)检测
As the Exception says there is illegal characters in the request path, more specifically the colon character is not ok (:) = "A potentially dangerous Request.Path value was detected from the client (:). "
您的要求似乎包含:
\"(/NewsList/Scripts/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g\"
"(/NewsList/Scripts/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g"
从客户端(:)中检测到有潜在危险的Request的价值。 (/NewsList/Scripts/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g)
A potentially dangerous Request.Path value was detected from the client (:). (/NewsList/Scripts/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g)
System.Web.HttpException(0X80004005):从客户端(:)中检测到有潜在危险的Request的价值。在System.Web.Htt prequest.ValidateInputIfRequiredByConfig()在System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext的背景下)
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
在System.Web.Htt prequest.ValidateInputIfRequiredByConfig()在System.Web.HttpApplication + PipelineStepManager.ValidateHelper(HttpContext的背景下)
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication+PipelineStepManager.ValidateHelper(HttpContext context)
路径中具有非法字符。
这篇关于从客户端检测到有潜在危险的Request的价值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
