webforms - validateRequest=true and requestValidationMode="4.0" lets html through -

-

I have a web form website on IIS7 and .NET 4.5.1 and I want Microsoft's request recognition. The web.config default value for Valid.request and requestValidationMode is considered "true" and "4.0" respectively and this should be what I want (I have tried to specify them). 

  & lt; Confirm valid pages = "true" & gt; & Lt; HttpRuntime requestValidationMode = "4.0" />

For some reason, when I am trying to submit an HTML tag (tried & lt; script> and & lt; a>) in a form, I hope The potentially dangerous request error, but the tag is saved in the database. Why did it go through? I just take the text value of the text box and send it to my DB, but I hope there will be an error to stop it from happening.

When I tried the setting: 

  & lt; HttpRuntime requestValidationMode = "2.0" />

The error was the same, but this time, the tag did not end in the database, which I want.

I would like to understand why the less secure recognition mode "2.0" is the only one which actually prevents the request from going into my case, which does not make much sense. I am missing something, please tell me whether I have to provide other information.

I have found a solution to your problem, it will appear that all the values ​​above "4.0" "4.0" is interpreted as, but this is not true. Reading, I have come to know that "4.5" is fair and just does what I wanted.


Comments

Post a Comment

Popular posts from this blog

winforms - C# Form - Property Change -

-
I have a form that has a property named car A class with many properties. The Properties is being displayed on the current car on the basis of some user actions that are being displayed. So I have to know whether the property has been allocated or set to zero. I'm aware of INotifyPropertyChanged , but in my case I'm not sure that since this change I have changed my car properties car do not want to monitor the property. Any idea how to accomplish this? In advance thank you If you have created a true asset in your class then You should be a great and setter, you can add the code directly to the form property in order to take action on the basis of "form": Public partial category Form 1: form {public form 1 () {InitializeComponent (); } // define car square public class car {public string name = string. Empty; } // private car to keep the value of the current car private variable _car = null; // Property of public form which you can ru...
Read more

java - Messages from .properties file do not display UTF-8 characters -

-
Image
In the form of a title, I can only add that if I enter the html file manually, then it Okay. View Rolver: & lt; Bean id = "templorellolver" class = "org.thymeleaf.templateresolver.ServletContextTemplateResolver" & gt; & Lt; Property name = "prefix" value = "/ web-nf / templates" /> & Lt; Property name = "suffix" value = ". Html" /> & Lt; Property Name = "Template Mode" Value = "HTML5" /> & Lt; Asset name = "cacheable" value = "wrong" /> & Lt; Property Name = "characterEncoding" value = "UTF-8" /> & Lt; / Bean & gt; & Lt; Bean id = "Template Engine" class = "org.thymeleaf.spring3.SpringTemplateEngine" & gt; & Lt; Property Name = "Temploreolar" ref = "Templarolver" /> & Lt; / Bean & gt; & Lt; Bean square = "org.thymeleaf.spring3.view.Thymel...
Read more

javascript - amcharts makechart not working -

-
I am trying to create an amiratars serial chart on my Durandal single page application. This chart was working fine on Chrome browser but it is not working on IE. Can you please help me in this regard. Error while using Amcharts. The Macchart () method does not support the object in this object in IE.
Read more