Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
520 views
in Technique[技术] by (71.8m points)

asp.net - requestValidationMode 4.5 vs 2.0

Is there a difference between requestValidationMode="4.5" and requestValidationMode="2.0"? I have a .net 4.5 application, there is a control which I don't want to validate, as users can enter html tags in:

<asp:TextBox ID="txtTitle" runat="server" ValidateRequestMode="Disabled" />

in my web.config i have:

<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">...</compilation> 
<httpRuntime targetFramework="4.5" requestValidationMode="2.0"  />

initially I have put requestValidationMode="4.5" but that didn't work, I would still get the error about the tags - "A potentially dangerous Request.Form value was detected from the client ..." as soon as would submit the form. However if I set it to requestValidationMode="2.0" it works, i'm able to hit the PageLoad and encode the value from that field.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Yes there is a difference between the two. Anything requestValidationMode specified as 4.0 or above will use the 4.0 way and any requestValidationMode specified as below 4.0 will use the 2.0 way. Below is a description of the two:

http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx

4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.

2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

As a note: There are other solutions, since you are using asp.net 4.5 you may want to look it to validating on a per control level, that way you can leave the requestValidationMode property in the web.config at 4.5 and only change it on controls that need it. http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...