使用FCKeditor后报错:"从客户端中检测到有潜在危险的 Request.Form 值."设置了 ValidateRequest="false"后还是报同样错误:说明: 请求验证过程检测到有潜在危险的客户端输入值,对请求的处理已经中止。该值可能指示存在危及应用程序安全的尝试,如跨站点脚本攻击。若要允许页面重写应用程序请求验证设置,请将 httpRuntime 配置节中的 requestValidationMode 特性设置为 requestValidationMode="2.0"。示例:英文:。设置此值后,可通过在 Page 指令或 配置节中设置 validateRequest="false" 禁用请求验证。但是,在这种情况下,强烈建议应用程序显式检查所有输入。有关更多信息,请参见 。
A potentially dangerous Request.Form value was detected from the client (Text="<p>what?</p>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Text="<p>what?</p>"). 其实是c#的一种表单安全验证机制,建议还是将表单的内容转下码,当然是转成HTML。不转也行,那就找下面两种方法解决吧(二选一)。
1.要先在web.config文件的system.web节设置:<httpRuntime requestValidationMode="2.0"/>
2.在要验证的页面中的配置加上(头部第一行):validateRequest="false"