`

A potentially dangerous Request.Path value was detected from the client 异常

阅读更多

我们在A SP.net 4.0 中使用URL导向后, 我们在访问类似如下的地址时 http://wz.csdn.net/ya njinde77/一个面试题!********/ ,就会报错误: 

A potentially dangerous Request.Path value was detected from the client

a t System.Web.HttpRequest.Va lida teInputIfRequiredByConfig()  

a t System.Web.HttpA pplica tion.Va lida teRequestExecutionStep.System.Web.HttpA pplica tion.IExecutionStep.Execute()  

a t System.Web.HttpA pplica tion.ExecuteStep(IExecutionStep step, Boolea n& completedSynchronously)

这是因为上述地址中有*这个特殊字符存在。

如果你想不让A SP.net 替你拦截这些特殊字符,你需要设置如下Web.config的节:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<httpRuntime requestPathInvalidCharacters="" />
</system.web>
</configuration> 

注意其中的requestPa thInva lidCha ra cters 它是一个以逗号分隔的无效字符列表。不设置它时,它默认的无效字符集(以,分割)是后面7个:<,>,*,%,&,:,\

即,不设置这个属性,默认就是如下设置:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,&amp;,\" />
</system.web>
</configuration> 


如果你想这些字符全部不受限制,就应该设置 requestPa thInva lidCha ra cters ="" , 如果是部分字符受限制,部分字符不受限制,就需要在 requestPa thInva lidCha ra cters 中设置需要受限制的字符,不受限制的不用设置。

 

参考资料:

Experiments in Wa ckiness: A llowing percents, a ngle-bra ckets, a nd other na ughty things in the A SP.NET/IIS Request URL
http://www.budoou.com/a rticle/981320/

http://blog.joycode.com/ghj/archive/2010/06/29/116007.joy

分享到:
评论

相关推荐

    计算机网络第六版答案

    An ISP earns its money by charging each of the the ISPs that connect to the IXP a relatively small fee, which may depend on the amount of traffic sent to or received from the IXP. 15. Google's ...

    a project model for the FreeBSD Project.7z

    A project model for the FreeBSD Project Niklas Saers Copyright © 2002-2005 Niklas Saers [ Split HTML / Single HTML ] Table of Contents Foreword 1 Overview 2 Definitions 2.1. Activity 2.2. Process ...

    Perl.for.Oracle.DBAs

    The online edition of this book was created by the Safari production group (John Chodacki, Becki Maisch, and Madeleine Newell) using a set of Frame-to-XML conversion and cleanup tools written and ...

    better.business.decisions.from.data.statistical.analysis

    Kenny lays a foundation for understanding the importance and value of Big Data, and then he shows how mined data can help you see your business in a new light and uncover opportunity. Among other ...

    asp.net4.0框架下验证机制失效的原因及处理办法

    ASP.NET请求验证功能为我们提供应用程序的安全保证,避免站点受到XSS跨站脚本攻击。...但是在ASP.NET 4.0框架下,你会发现,即使你这样做,仍然会提示你这样的一个异常“A potentially dangerous Request.Form v

    BURNINTEST--硬件检测工具

    if the test was run a couple of times (without closing BurnInTest). Release 5.3 build 1021 WIN32 release 5 June 2008 - 32-bit BurnInTest PRO 5.3.1020 would not start on Windows 2000. This has been ...

    php.ini-development

    The directory from the --with-config-file-path compile time option, or the ; Windows directory (C:\windows or C:\winnt) ; See the PHP docs for more specific information. ; ...

    微软内部资料-SQL性能优化2

    A 32-bit process is normally limited to addressing 2 gigabytes (GB) of memory, or 3 GB if the system was booted using the /3G boot switch even if there is more physical memory available. By leveraging...

    中关村在线

    PER_TIME_IN_GC_COUNTER_009_HELP=% Time in GC is the percentage of elapsed time that was spent in performing a garbage collection (GC) since the last GC cycle. This counter is usually an indicator of ...

    ubuntu16.04安装python3.6.docx

    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to ...

    A Survey of Outlier Detection Methodologies

    异常检测算法综述. Outlier detection has been used for centuries to detect and, where appro- priate, remove anomalous observations from data. Outliers arise due to mechanical faults, changes in system ...

    hash table spell checking

    When this occurs, the program displays the line number the word appeared in, the word, and a list of possible corrections. The list of possible corrections for a misspelled word is generated using a...

    数据结构作业Hash表

    When this occurs, the program displays the line number the word appeared in, the word, and a list of possible corrections. The list of possible corrections for a misspelled word is generated using a...

    Aerotech A3200 Training_V1.1.pdf

    激光行业中及一些高精度需求的行业中关于硬件的介绍,包括软件的一些编译D A N G E R : This product contains potentially lethal voltages. To reduce the possibility of electrical shock, bodily injury, or ...

    FILTERING, SEGMENTATION AND REGION CLASSIFICATION BY HYPERSPECTRAL

    The idea is to start from a temporal classification, and to build a probability density function of contours conditionally to this classification. Then, this function is segmented to find potentially...

    demonstrate File I/O, user input, and output manipulation

    You must receive input from the user, including at least one numerical value. You must check for bad user input (for all numerical inputs). You must read from a file and write to a file &#40;they can ...

    XORs in the Air: Practical Wireless Network Coding

    Abstract—This paper proposes COPE, a new architecture for ... The gains vary from a few percent to several folds depending on the traffic pattern, congestion level, and transport protocol.

    Estimating the Size of Criminal Populations

    The estimation of total population size for ...are virtually unaffected by a potentially large pool of cryptic criminals. It is shown how independently collected auxiliary data can address this problem.

    Eclipse plugin development

    we introduce you to the types of components that can be used in Lotus Expeditor composite applications. We explain the component types that are available today and provide a future outlook to things ...

Global site tag (gtag.js) - Google Analytics