by kevin
30.
八月 2013 13:56
>
碰到一个管理后台项目,使用的是Asp.net 2.0时候的WebForm,但项目已经升级到Asp.net 4.0了。 今天碰到一个小意外,测试那边报了一个HttpRequestValidationException,在.net 2.0时代,将页面的ValidateRequest设置为false,或者在Web.Config里面设置<pages validateRequest="false" />,升级到.net 4.0后,验证模式也已经升级了。所以如果采用默认的设置,就会报HttpRequestValidationException,解决的办法是,将RequestValidationMode设置为2.0,代码如下:
1: <system.web>
2: <compilation debug="true" targetFramework="4.0"/>
3: <httpRuntime requestValidationMode="2.0" />
4: <pages validateRequest="false"></pages>
5: </system.web>
关于RequestValidationMode,有两个值,默认是4.0
-
4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.
-
2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.