System.Web.HttpRequestValidationException:从客户端检测到潜在危险的 Request.Form 值
当上面出现异常时,通常建议使用以下属性禁用验证请求
[ValidateInput(false)]
public ActionResult Save(string content)
{
System.IO.File.WriteAllText(fileName, content);
return View();
}
那为什么还要提出这个验证呢?如何正确处理此异常?
当 URL 请求(您的示例:)string content包含危险关键字时:“>、?、< 等...”。如果你想处理这个异常(例如:允许这些),你可以按照示例代码:
using System;
using System.Web.Mvc;
namespace Custom {
public class CustomValidateInput : FilterAttribute, IAuthorizationFilter {
/// <summary>
/// Called when authorization is required.
/// </summary>
/// <param name="filterContext">The filter context.</param>
/// <exception cref="System.ArgumentNullException">filterContext</exception>
public void OnAuthorization(AuthorizationContext filterContext) {
if (filterContext == null) {
throw new ArgumentNullException("filterContext");
}
//Set disable validation request
filterContext.Controller.ValidateRequest = false;
//----------Your code handle here------------//
}
}
}
和
[CustomValidateInput]
public ActionResult Save(string content)
{
System.IO.File.WriteAllText(fileName, content);
return View();
}