【发布时间】:2017-12-14 13:31:39
【问题描述】:
我在页面加载时遇到以下异常:
A potentially dangerous Request.Form value was detected from the client (ctl00$main$txtPreviewOfFile="...y Teacher <PR+OJ> ...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$main$txtPreviewOfFile="...y Teacher <PR+OJ> ...").
在服务器上部署后出现错误,但在 Visual Studio 上却没有,即使我试图找到 Visual Studio Web 应用程序的异常工作正常。
我曾使用过validateRequest="false" 和requestValidationMode="2.0",但在web.config 或page directive 上使用这些标签后,异常会被取消,但页面功能停止工作。
请帮助我处理例外情况。
【问题讨论】:
-
ctl00$main$txtPreviewOfFile=> 这表示内容占位符内名为txtPreviewOfFile的文本框服务器控件。能否提供页面标记(及相关代码)? -
@TetsuyaYamamoto 感谢您的帮助,异常已解决为使用 Server.HtmlEncode 方法
txtPreviewOfFile.Text = Server.HtmlEncode(preview.ToString());Thanx 再次指出异常区域。 :)