Mar 20, 2014, 10:29 AM
[CLOSED] 从客户端(he_info="<div><font face="tah...")中检测到有潜在危险的 Request.Form 值。
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm23.aspx.cs" Inherits="extdemo.test.WebForm23" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <ext:ResourceManager ID="ResourceManager1" runat="server" SourceFormatting="True" RenderScripts="CDN" RenderStyles="CDN"></ext:ResourceManager>
        <ext:Viewport ID="Viewport1" runat="server" Layout="FitLayout">
            <Items>
                <ext:FormPanel ID="FormPanel1" runat="server" Layout="AnchorLayout" Title="企业简介">
                    <Items>
                        <ext:HtmlEditor LabelWidth="75" ID="he_info" runat="server" Margin="4" FieldLabel="企业简介" AnchorVertical="-100" AnchorHorizontal="100%"></ext:HtmlEditor>
                    </Items>
                    <Buttons>
                        <ext:Button ID="Button1" runat="server" Text="确定" Icon="Disk">
                            <DirectEvents>
                                <Click OnEvent="SaveComp"></Click>
                            </DirectEvents>
                        </ext:Button>
                    </Buttons>
                </ext:FormPanel>
            </Items>
        </ext:Viewport>
    </form>
</body>
</html>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Ext.Net;

namespace extdemo.test
{
    public partial class WebForm23 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Pre-fill the editor only on the initial (non-AJAX) page load.
            if (!X.IsAjaxRequest)
            {
                he_info.Text = Server.HtmlDecode("<div><font face=\"tahoma, arial, verdana, sans-serif\">&nbsp; &nbsp; &nbsp; 苏州市吴中区木渎镇乐图模流分析公司,注册成立于2009年3月 '\"</font></div>");
            }
        }

        // DirectEvent handler for the "确定" button.
        protected void SaveComp(object sender, DirectEventArgs e)
        {
            // Round-trip the submitted editor HTML through encode/decode.
            var a = Server.HtmlEncode(he_info.Text);
            he_info.Text = Server.HtmlDecode(a);
            X.Msg.Alert("info", "success").Show();
        }
    }
}
When the page is loaded and I then click the "确定" button, this error is shown: 从客户端(he_info="<div><font face="tah...")中检测到有潜在危险的 Request.Form 值。
说明: ASP.NET 在请求中检测到包含潜在危险的数据,因为它可能包括 HTML 标记或脚本。该数据可能表示存在危及应用程序安全的尝试,如跨站点脚本攻击。如果此类型的输入适用于您的应用程序,则可包括明确允许的网页中的代码。有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkID=212874。
异常详细信息: System.Web.HttpRequestValidationException: 从客户端(he_info="<div><font face="tah...")中检测到有潜在危险的 Request.Form 值。
But when I simply add a blank space to the HtmlEditor or edit it a little, there is no error. Why?
Last edited by Daniil; Mar 24, 2014 at 4:18 AM.
Reason: [CLOSED]
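Added example, not part of the original post and not ASP.NET's or Ext.NET's own code: a simplified approximation of the pattern rule behind the HttpRequestValidationException quoted above, run over a constructed ASCII sample modelled on the editor content. `LooksDangerous` and the sample strings are assumptions for illustration; it shows that raw markup trips the rule and that HTML-encoding the value changes the outcome only when no `&#` entity remains.

```csharp
using System;
using System.Net;

// Added illustration. LooksDangerous is a hypothetical helper that approximates
// the rule request validation applies to each form value; it is not a framework API.
static class RequestValidationDemo
{
    static bool IsAsciiLetter(char c) => (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');

    // Flags '<' followed by a letter, '!', '/' or '?', and '&' followed by '#'.
    static bool LooksDangerous(string value, out int index)
    {
        for (int i = 0; i < value.Length - 1; i++)
        {
            char c = value[i], next = value[i + 1];
            bool tagStart = c == '<' &&
                (IsAsciiLetter(next) || next == '!' || next == '/' || next == '?');
            bool numericEntity = c == '&' && next == '#';
            if (tagStart || numericEntity) { index = i; return true; }
        }
        index = -1;
        return false;
    }

    static void Report(string label, string value)
    {
        int at;
        bool hit = LooksDangerous(value, out at);
        Console.WriteLine("{0,-24} {1,-7} {2}", label,
            hit ? "REJECT" : "accept", hit ? "at offset " + at : "");
    }

    static void Main()
    {
        // Constructed sample shaped like the he_info content in the post.
        string raw = "<div><font face=\"tahoma\">&nbsp; Founded in March 2009 '\"</font></div>";

        Report("raw markup", raw);
        Report("plain text", "Founded in March 2009, 2 < 3");
        // HtmlEncode writes the apostrophe as a numeric entity, which the rule also flags.
        Report("HtmlEncode(raw)", WebUtility.HtmlEncode(raw));
        Report("encoded, no apostrophe", WebUtility.HtmlEncode(raw.Replace("'", "")));
    }
}
```

Request validation is a coarse input filter, so HTML accepted from a rich-text editor still needs allow-list sanitising before storage and encoding wherever it is rendered.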