I have a form at which I use ckeditor. This form worked fine at Asp.Net 2.0 and 3.5 but now it doesn\'t work in Asp.Net 4+. I have ValidateRequest=\"false\" directive. Any suggestions?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
Found solution at the error page. Just needed to add requestValidationMode=\"2.0\"
<system.web>
<compilation debug=\"true\" targetFramework=\"4.0\" />
<httpRuntime requestValidationMode=\"2.0\" />
</system.web>
MSDN information: HttpRuntimeSection.RequestValidationMode Property
回答2:
There is a way to turn the validation back to 2.0 for one page. Just add the below code to your web.config:
<configuration>
<location path=\"XX/YY\">
<system.web>
<httpRuntime requestValidationMode=\"2.0\" />
</system.web>
</location>
...
the rest of your configuration
...
</configuration>
回答3:
I know this is an old question, but if you encounter this problem in MVC 3 then you can decorate your ActionMethod with [ValidateInput(false)] and just switch off request validation for a single ActionMethod, which is handy. And you don\'t need to make any changes to the web.config file, so you can still use the .NET 4 request validation everywhere else.
e.g.
[ValidateInput(false)]
public ActionMethod Edit(int id, string value)
{
// Do your own checking of value since it could contain XSS stuff!
return View();
}
回答4:
This works without changing the validation mode.
You have to use a System.Web.Helpers.Validation.Unvalidated helper from System.Web.WebPages.dll. It is going to return a UnvalidatedRequestValues object which allows to access the form and QueryString without validation.
For example,
var queryValue = Server.UrlDecode(Request.Unvalidated(\"MyQueryKey\"));
Works for me for MVC3 and .NET 4.
回答5:
Note that another approach is to keep with the 4.0 validation behaviour, but to define your own class that derives from RequestValidator and set:
<httpRuntime requestValidationType=\"YourNamespace.YourValidator\" />
(where YourNamespace.YourValidator is well, you should be able to guess...)
This way you keep the advantages of 4.0s behaviour (specifically, that the validation happens earlier in the processing), while also allowing the requests you need to let through, through.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 唯独是你 的文章《ValidateRequest=“false” doesn't work in Asp.Ne》','https://www.manongdao.com/article-8874.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}