A potentially dangerous Request.Form value was detected: Dealing with these errors proactively, or after the fact


Problem description

I'm noticing this error more and more in my error logs. I've read through the questions here talking about this error, but they don't address what I would like to do (see below).

I'm considering three options, in the order of preference:

1) When submitting a form (I use formviews almost exclusively, if that helps), if potentially dangerous characters are detected, automatically strip them out and submit.

2) When submitting a form, if potentially dangerous characters are detected, alert the user and let them fix it before trying again.

3) After the exception is generated, deal with it and alert the user.

I'm hoping one of the first two options might be able to do somewhat globally... I know for the 3rd I'd have to alter a TON of Try-Catch blocks I already have in place. Doable, but labor intensive. I'd rather be proactive about it if at all possible and avoid the exception altogether.

Perhaps one approach to #1 would be to write a block of code that could loop through all text entry fields in a formview, during the insert/update event, and strip the characters out. I'm ok with that, but I'd rather not have to heavily alter all my Insert/Update events to accomplish this. Or maybe I just create a different class to do the text checking/deleting, and only insert 1 line of code in each Insert/Update event. If anyone can come up with some example code of any of these approaches that would be a help.

Thanks for any ideas or information. I'm definitely open to other solutions too; these are only the 3 that came to mind. I can say that I don't want to turn request validation off though.

Recommended answer

I would prefer #2 or #3. In #1 you are altering what the user entered without their knowledge.

You can go ahead and hook to the Submit event of the form, iterate through the editable fields, and do a sanity check.

For option #3, you can override the OnError method of the Page class and provide a custom error message indicating the problem. (Also, you can use ELMAH or the Application_Error event to handle these errors.)

I would suggest you use both a client-side and a server-side approach when doing validations.
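
The client-side sanity check for option #2 described in the answer above, as an added example that is not part of the original answer. The pattern approximates what ASP.NET request validation rejects (an assumption; the server check stays authoritative), and the function names and the use of `document.forms[0]` are illustrative.

```javascript
// Added example: pre-submit check so users can fix input before the postback.
// Approximation (assumption) of what ASP.NET request validation flags:
// "<" followed by a letter, "!", "/" or "?", and the sequence "&#".
const DANGEROUS = /<[a-z!\/?]|&#/i;

// Pure check: takes [{name, value}] and returns the names that would trip validation.
function findDangerousFields(fields) {
  return fields
    .filter(f => typeof f.value === "string" && DANGEROUS.test(f.value))
    .map(f => f.name);
}

// Collect the fields a user can actually edit (text-like inputs and textareas).
function editableFields(form) {
  const skip = new Set(["hidden", "submit", "button", "checkbox",
                        "radio", "file", "image", "reset"]);
  return Array.from(form.elements)
    .filter(el => (el.tagName === "TEXTAREA" ||
                   (el.tagName === "INPUT" && !skip.has(el.type))) &&
                  !el.disabled && !el.readOnly)
    .map(el => ({ name: el.name || el.id, value: el.value }));
}

// Browser wiring: cancel the submit and report which fields need fixing.
function guardForm(form, report) {
  form.addEventListener("submit", function (evt) {
    const bad = findDangerousFields(editableFields(form));
    if (bad.length > 0) {
      evt.preventDefault();
      report(bad);
    }
  });
}

if (typeof document !== "undefined" && document.forms.length > 0) {
  // Web Forms pages render one server form; forms[0] is assumed to be it.
  guardForm(document.forms[0], bad =>
    alert("Please remove markup such as <tag> or &# from: " + bad.join(", ")));
}
```

Submissions that bypass the submit event (script calls to `form.submit()`, or clients with JavaScript disabled) still reach the server-side check, so the error handling from option #3 remains necessary.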
