gpt4 book ai didi

c# - 检测到 ASP.NET MVC 5 危险的 Request.Path

转载 作者:太空宇宙 更新时间:2023-11-03 13:03:50 27 4
gpt4 key购买 nike

我在使用 ASP.NET MVC 5 时遇到了一个相当普遍的问题,它会在无效的 URL 字符(例如 &% 上引发异常。

我尝试了很多来自其他堆栈溢出问题的不同建议,比如 herehere .但是,将此添加到我的 Web.config 不起作用:

<system.web>
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,:,\,?"
requestValidationMode="2.0"/>
</system.web>

也不会在我的 Controller 方法上方添加 [HttpValidate(false)]

我找到了这个 gem在寻找解决方案时,它看起来很有希望,但即使那样也行不通。 url 请求没有被该站点的代码更改,这让我想知道问题是否发生在 ASP.net 甚至有机会采取行动之前。

我试图避免手动编码我的所有请求,但如果这是我必须做的,那么我想我别无选择。

如果有帮助,这是我的堆栈跟踪:

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (&).]

System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9693412 System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

最佳答案

我在 Web-Form 应用程序中遇到过该错误,它通常是由传递给 Controller ​​的特殊字符引起的。最简单的解决方案,以确保您的数据在到达您的 Controller 之前被正确编码。这将是最安全的方法,但是如果您想要一种快速而肮脏的方法,您可以通过 web.config 稍微放松对 Page/View 的安全性。

<!-- Example: 'Web-Config' -->
<location path="test.aspx">
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
</location>

上面做了以下事情:

In either case, you must make two changes in the Web.config file. The first change is to set the requestValidationMode attribute of the httpRuntime element to "2.0". This setting makes request validation occur later in the sequence of request processing events. The setting is required for applications that use ASP.NET 4 and later, because as of ASP.NET 4, request validation takes place earlier in the request life cycle than it did in previous versions of ASP.NET.

否则你可以简单地使用:

HttpUtility.HtmlDecode("...");
HttpUtility.HtmlEncode("...");

以上目的:

If characters such as blanks and punctuation are passed in an HTTP stream, they might be misinterpreted at the receiving end. HTML encoding converts characters that are not allowed in HTML into character-entity equivalents; HTML decoding reverses the encoding. For example, when embedded in a block of text, the characters < and > are encoded as < and > for HTTP transmission.

您还可以查找 UrlEncodeUrlDecode

关于c# - 检测到 ASP.NET MVC 5 危险的 Request.Path,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31477597/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com