A potentially dangerous Request.Form value was ...

A potentially dangerous Request.Form value was detected from the client

 

In .NET Framework 2.0, this problem could be resolved simply by setting

<pages validateRequest="false" />

In 4.0, however, a further change is needed:

The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.

In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.

As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:

<httpRuntime requestValidationMode="2.0" />

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

 

Only with this setting does it work.

A potentially dangerous Request.Form value was detected from the client


Solution 1:
Add this line to the header of the .aspx file:
<%@ Page validateRequest="false"  %>

Solution 2:

Modify the web.config file:

<configuration>
  <system.web>
    <pages validateRequest="false" />
  </system.web>
</configuration>

validateRequest defaults to true; setting it to false is all that is needed.

How to resolve "A potentially dangerous Request.Form value was detected from the client"

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client

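Method 1: Request validation can be disabled by setting validateRequest="false" in the Page directive or in the configuration section.

Method 2: The correct approach is to add a Page_Error() function to the current page to catch any exception raised during page processing that has not been handled, and then show the user a proper error message. If the current page has no Page_Error(), the exception is passed to Application_Error() in Global.asax, where you can also write a general-purpose error handler. Only when neither place has an exception handler is the default error page displayed.

For example, handling this exception takes only a short piece of code. Add the following to the page's code-behind:

Quoted snippet: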
protected void Page_Error(object sender, EventArgs e)
{
     Exception ex = Server.GetLastError();
     if (ex is HttpRequestValidationException)
     {
         // User-facing message: "Please enter a valid string."
         Response.Write("请您输入合法字符串。");
         Server.ClearError(); // Without ClearError(), the exception continues on to Application_Error().
     }
}

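This way the program can intercept HttpRequestValidationException and return a reasonable error message of the programmer's choosing.

The code is very simple, so I hope that anyone who does not really need to let users enter such characters will not casually disable this security feature; if all you need is exception handling, code like the above will do.

Programmers who have explicitly disabled this feature must understand exactly what they are doing and must manually check for the strings that have to be filtered; otherwise the site is very easily exposed to cross-site scripting attacks.

How should pages with a Rich Text Editor be handled?

If a page contains a rich text editor control, HTML tags will inevitably be posted back. In that case we have no choice but to set validateRequest="false". So how do we deal with security, and how do we guard against cross-site scripting as far as possible in this situation?

Following Microsoft's recommendation, we should adopt the security policy known as "default deny, explicit allow".

First, encode the input string with HttpUtility.HtmlEncode(), which disables every HTML tag in it.

Then, for the tags we are interested in and that are safe, restore them with Replace(). For example, to allow a particular tag, we explicitly replace its encoded form back with the tag itself.

Sample code:

Quoted snippet: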
// Requires: using System.Text; using System.Web;
void submitBtn_Click(object sender, EventArgs e)
{
     // Encode the input string so that every HTML tag is rendered inert.
     StringBuilder sb = new StringBuilder(
                             HttpUtility.HtmlEncode(htmlInputTxt.Text));
     // Then selectively allow <b> and <i>.
     sb.Replace("&lt;b&gt;", "<b>");
     sb.Replace("&lt;/b&gt;", "</b>");
     sb.Replace("&lt;i&gt;", "<i>");
     sb.Replace("&lt;/i&gt;", "</i>");
     Response.Write(sb.ToString());
}

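This way we allow some HTML tags while still blocking the dangerous ones.

Following Microsoft's guidance, be careful about allowing the HTML tags below, because each of them can lead to cross-site scripting.

Quoted snippet:
  • <applet>
  • <body>
  • <embed>
  • <frame>
  • <script>
  • <frameset>
  • <html>
  • <iframe>
  • <img>
  • <style>
  • <layer>
  • <link>
  • <ilayer>
  • <meta>
  • <object>

Perhaps the most surprising entry here is <img>. The following code, however, should make its danger clear.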

    Quoted snippet:
    <img src="javascript:alert('hello');">
    <img src="java script:alert('hello');">
    <img src="java script:alert('hello');">

    JavaScript can be executed through the <img> tag, so an attacker can do anything they want to while masquerading.

    The same applies to <style>:

    Quoted snippet:
    <style TYPE="text/javascript">
       alert('hello');
    </style>
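
The "default deny, explicit allow" strategy described above, as an added example (not code from the original article or from Microsoft). It goes beyond the article's Replace() calls by restoring allowed tags only when they are correctly nested and by closing any tag left open. The class name AllowListFormatter, the Sanitize method and the tag list are assumptions, and the sample inputs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Web;

static class AllowListFormatter
{
    // Hypothetical allow-list: attribute-less inline tags only. The pattern
    // matches the exact encoded form, e.g. "&lt;b&gt;" or "&lt;/i&gt;".
    static readonly Regex EncodedTag = new Regex("&lt;(/?)(b|i|em|strong)&gt;");

    public static string Sanitize(string untrusted)
    {
        // Default deny: after encoding, no tag in the input is live.
        string encoded = HttpUtility.HtmlEncode(untrusted ?? string.Empty);
        var open = new Stack<string>();

        // Explicit allow: restore a tag only if it is on the list and nested correctly.
        string result = EncodedTag.Replace(encoded, m =>
        {
            string tag = m.Groups[2].Value;
            if (m.Groups[1].Value.Length == 0) { open.Push(tag); return "<" + tag + ">"; }
            if (open.Count > 0 && open.Peek() == tag) { open.Pop(); return "</" + tag + ">"; }
            return m.Value; // stray or mismatched closing tag stays encoded
        });

        // Close anything left open so it cannot restyle the rest of the page.
        while (open.Count > 0) result += "</" + open.Pop() + ">";
        return result;
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "<b>bold</b> and <i>italic</i>",
            "<b>left open",
            "<b onclick=\"alert(1)\">x</b>",
            "<img src=\"javascript:alert('hello');\">",
            "<script>alert('hello');</script>",
            "&lt;b&gt; typed as literal text",
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Only the first two samples produce live tags; a tag carrying attributes never matches the exact encoded pattern, and text the user typed as `&lt;b&gt;` is encoded a second time, so both stay inert.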

    From: http://www.cnblogs.com/RIVERSPIRIT/articles/1085814.html

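    android – Problem with the Request.executeMeRequestAsync(session,Request.GraphUserCallback()) function

    I am following the Facebook login tutorial for Android apps.

    I had a lot of problems with the hash key and everything else, and I think I have solved all of them, because my session now reaches the OPENED state.

    The problem I have now is that after I log in to Facebook, when the session is already open, the code executes Request.executeMeRequestAsync() and it never gets into the onComplete() part... any ideas?

    Here is the code...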

    package com.example.firstandroidapp;
    
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    
    import android.app.Activity;
    import android.content.Intent;
    import android.content.pm.PackageInfo;
    import android.content.pm.PackageManager;
    import android.content.pm.PackageManager.NameNotFoundException;
    import android.content.pm.Signature;
    import android.os.Bundle;
    import android.util.Base64;
    import android.util.Log;
    import android.widget.TextView;
    
    
    import com.facebook.Request;
    import com.facebook.Response;
    import com.facebook.Session;
    import com.facebook.SessionState;
    import com.facebook.model.GraphUser;
    
    public class MainActivity extends Activity {
    @Override
      public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
    
        // start Facebook Login
        Session.openActiveSession(this,true,new Session.StatusCallback() {
    
          // callback when session changes state
          @Override
          public void call(Session session,SessionState state,Exception exception) {
              try {
                    PackageInfo info = getPackageManager().getPackageInfo("com.example.firstandroidapp",PackageManager.GET_SIGNATURES);
                    for (Signature signature : info.signatures) {
                        MessageDigest md = MessageDigest.getInstance("SHA");
                        md.update(signature.toByteArray());
                        Log.i("Digest: ",Base64.encodeToString(md.digest(),0));
                    }
                } catch (NameNotFoundException e) {
                    Log.e("Test",e.getMessage());
                } catch (NoSuchAlgorithmException e) {
                    Log.e("Test",e.getMessage());
                }
    
              if (session.isOpened()) {
    
              // make request to the /me API
              Request.executeMeRequestAsync(session,new Request.GraphUserCallback() {
    
                // callback after Graph API response with user object
                @Override
                public void onCompleted(GraphUser user,Response response) {
                  // it never gets here...
                      if (user != null) {
                    TextView welcome = (TextView) findViewById(R.id.welcome);
                    welcome.setText("Hello " + user.getName() + "!");
                  }
                }
              });
            }
          }
        });
      }
    
      @Override
      public void onActivityResult(int requestCode,int resultCode,Intent data) {
          super.onActivityResult(requestCode,resultCode,data);
          Session.getActiveSession().onActivityResult(this,requestCode,resultCode,data);
      }
    
    }

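    Thanks very much in advance.
    David.

    Solution

    I had the same problem.

    The tutorial tells us to modify AndroidManifest.xml. While making the changes, I put the tags below in the wrong place (I was not using Eclipse to edit the manifest file), and that prevented the callback.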

    <manifest ...>
      ...
      <application ...>
        ...
        <activity android:name="com.facebook.LoginActivity"/>
        ...
        <meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@string/app_id"/>
        ...
      </application>
      ...
      <uses-permission android:name="android.permission.INTERNET"/>
      ...
    </manifest>

    Try double-checking your AndroidManifest.xml. The official document will help.

    angular-cli project reports: Error encountered resolving symbol values statically. Function calls are not suppor...

    After installing a module packaged by a colleague, I got the following error, although the module works fine when used elsewhere.

    Error encountered resolving symbol values statically. Function calls are not supported.

    Solution

    Add the following to the tsconfig.json file:

    {
      ...
      "compilerOptions": {
        ..
        "skipLibCheck": true,
        "noStrictGenericChecks": false,
        "paths": {
          "@angular/*": ["../node_modules/@angular/*"],
         ...
        }
      },
      "exclude": [
        ...
      ]
    }

     
