我有一个遗留代码问题,需要我支持随机网址,就好像它们是对主页的请求一样.某些 URL 中的字符会生成错误从客户端 (&) 检测到潜在危险的 Request.Path 值".该站点使用 ASP.Net MVC 3(C#)编写,并在 IIS 7.5 上运行.
这是一个示例网址...
mywebsite/Test123/This_&_That这是我如何设置所有路由(我有其他路由来捕获特定页面)...
routes.MapRoute("Default",//路由名称"{garb1}/{garb2}",//带参数的 URLnew { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional }//参数默认值);我已将以下内容添加到我的 web.config 文件中...
<system.web><pages validateRequest="false"/><httpRuntime requestValidationMode="2.0"/></system.web><配置>我还为应该捕获网址的操作添加了 ValidateInput 属性...
public class WebsiteController : Controller{[验证输入(假)]公共 ActionResult 主页(){返回视图();}}但我仍然收到错误消息.任何想法为什么?我错过了什么?现在我只是在我的本地开发服务器上运行(我还没有在生产中尝试过这些修复).
解决方案虽然你可以在配置文件中尝试这些设置
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0"/><pages validateRequest="false"/></system.web>我会避免使用像&"这样的字符在 URL 路径中用下划线替换它们.
I've got a legacy code issue that requires that I support random urls as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.
Here's an example URL...
mywebsite/Test123/This_&_ThatHere's how I have my catch-all route setup (I have other routes to catch specific pages)...
routes.MapRoute( "Default", // Route name "{garb1}/{garb2}", // URL with parameters new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults );I've added the following things to my web.config file...
<configuration> <system.web> <pages validateRequest="false" /> <httpRuntime requestValidationMode="2.0" /> </system.web> <configuration>I've also Added the ValidateInput attribute to the action that should be catching the urls...
public class WebsiteController : Controller { [ValidateInput(false)] public ActionResult Home() { return View(); } }But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).
解决方案While you could try these settings in config file
<system.web> <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" /> <pages validateRequest="false" /> </system.web>I would avoid using characters like '&' in URL path replacing them with underscores.
更多推荐
获取“从客户端(&)检测到潜在危险的 Request.Path 值"
发布评论