Request Validation - ASP.NET MVC 2

2019-01-17 21:00发布

站内问答 / 前沿技术
580 2 6

Has request validation changed for ASP.NET MVC 2, more precisely, not validating?

I did the following:

Web.configs (in App directory and Views directory)

<pages
    validateRequest="false"

Controller/Action Attribute

[ValidateInput(false)]

In @Page View Directive

ValidateRequest="false"

The page still gets validated an exception is thrown when HTML content is posted.

UPDATE

Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this

    [ValidateInput(false)]
    public ActionResult Index(string InputText)
    {
        ViewData["Message"] = "Welcome to ASP.NET MVC!";

        return View();
    }

and my View Page

<% using(Html.BeginForm()){ %>
    <%= Html.TextBox("InputText") %>
    <input type="submit" />
<% } %>

And still the same issue, an exception is thrown.

2条回答
叼着烟拽天下
2楼-- · 2019-01-17 21:23

I should read the error more carefully next time:

To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"

I put this in the application's web.config

<system.web>
  <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>

and it worked.

Update:

I was running ASP.NET 4 thats why :P

查看更多
0人赞 添加讨论(0) 举报
三岁会撩人
3楼-- · 2019-01-17 21:34

Insert obligatory warning about XSS here.

That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC

I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.

Do you have an HandleErrorAttribute set up anywhere?

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)