1

可能重复:
从客户端检测到潜在危险的 Request.Form 值

我收到错误消息:

 A potentially dangerous Request.Form value was detected from the client 
 (ctl00$MainContent$textboxError=...


在我运行 asp.net (C#) web 应用程序之后。我该如何解决?

这是我的代码。

using System;
using System.Data;
using System.Configuration;
using System.Web; 
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Net;
using System.Text.RegularExpressions;

namespace SMS
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
    textboxRecipient.Width = 400;
    textboxMessage.Width = 450;
    textboxMessage.Rows = 10;
    textboxError.Width = 400;
    textboxError.Rows = 5;

    textboxError.ForeColor = System.Drawing.Color.Red;
    textboxError.Visible = false;
    textboxError.Text = "";

    if (!Page.IsPostBack)
    {
        textboxRecipient.Text = "+85593840396";
        textboxMessage.Text = "Hello World!";
    }
}
protected void buttonSendOnClick(object sender, EventArgs e)
{

    if (textboxRecipient.Text == "")
    {
        textboxError.Text += "Recipient(s) field must not be empty!\n";
        textboxError.Visible = true;
        return;
    }


    string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running
    string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening
    string ozUser = HttpUtility.UrlEncode("tenh"); //username for successful login
    string ozPassw = HttpUtility.UrlEncode("tenh123"); //user's password
    string ozMessageType = "SMS:TEXT"; //type of message
    string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); 
    string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); 

    string createdURL = ozSURL + ":" + ozSPort + "/httpapi" +
        "?action=sendMessage" +
        "&username=" + ozUser +
        "&password=" + ozPassw +
        "&messageType=" + ozMessageType +
        "&recipient=" + ozRecipients +
        "&messageData=" + ozMessageData;

    try
    {

        HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL);


        HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();
        System.IO.StreamReader respStreamReader=new 

      System.IO.StreamReader(myResp.GetResponseStream());
        string responseString = respStreamReader.ReadToEnd();
        respStreamReader.Close();
        myResp.Close();

        //inform the user
        textboxError.Text = responseString;
        textboxError.Visible = true;
    }
    catch (Exception)
    {

        textboxError.Text = "Ozeki NG SMS Gateway Server is not running!";
        textboxError.Visible = true;
    }

  }
  }
  }

我已经在我的 web.config 中添加了以下代码:

   validateRequest="false" and requestValidationMode="2.0"
4

1 回答 1

2

不知道为什么validateRequest="false"不工作。错误原因:因为您正在从包含 Html 标签的网页获取数据,并且文本框文本属性不允许为其分配 html 字符串,所以您必须使用将 html 标签转换为其等效代码的方法。在分配responseStringtextboxError.Text. _ 此方法将潜在的不安全字符转换为它们的 HTML 编码等效字符。

textboxError.Text = Server.HTMLEncode(responseString);
于 2012-08-07T05:03:47.207 回答