After we use URL routing in ASP.NET 4.0, visiting an address like http://wz.csdn.net/yanjinde77/一个面试题!********/ produces the following error:
A potentially dangerous Request.Path value was detected from the client
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
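This happens because the address above contains the special character *.
If you do not want ASP.NET to block these special characters for you, you need to set the following section in Web.config: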
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<httpRuntime requestPathInvalidCharacters="" />
</system.web>
</configuration>
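Note the requestPathInvalidCharacters attribute.
It is a comma-separated list of invalid characters. When it is not set, its default set of invalid characters (separated by ,) is the following 7: <,>,*,%,&,:,\
In other words, leaving this attribute unset is the same as the following setting: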
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\" />
</system.web>
</configuration>
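If you want none of these characters to be restricted, set requestPathInvalidCharacters="". If some characters should be restricted and others not, list in requestPathInvalidCharacters the characters that should be restricted and leave out the ones that should not.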
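The partial setting described above, as an added example that is not part of the original post: it shows the empty list (commented out) beside a narrowed list that lifts the restriction on * only. It assumes the seven default characters listed in this post, and that * is the only character the application's URLs need.

```xml
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <!-- Empty list: path character checking is switched off for every
         character, so <, >, %, &, : and \ are accepted along with *.
    <httpRuntime requestPathInvalidCharacters="" />
    -->

    <!-- Narrowed list: * has been taken out, so the sample URL is accepted.
         The other six characters from the default list stay restricted.
         < > and & are written as XML entities because a raw < or & is not
         allowed inside an XML attribute value. -->
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\" />
  </system.web>
</configuration>
```

With the narrowed list, a path containing < or % still raises the Request.Path error shown at the top of this post, while a path containing only * goes through to the routing code.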
References:
Experiments in Wackiness: Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL
http://www.budoou.com/article/981320/
http://blog.joycode.com/ghj/archive/2010/06/29/116007.joy