Summary of solutions for insecure Request. Form values detected by ASP. NET,

Summary of solutions for insecure Request. Form values detected by ASP. NET,

When we use CKEditor and other rich text editors on our website, most of us will encounter such warnings.

This is because ASP. by default, the authentication of the page submitted content (not only ASP. net mvc and WebForms are also enabled to verify the content submitted on the page by default.) the key to solving this problem is to disable verification on pages with Rich Text editors or pages with html code submitted, it can be roughly divided into the following three situations:

Website Based on Framework2.0 webForm

In this case, the best solution is to set ValidateRequest = "false" directly in the Page command at the top of the required Page.

Website Based on Framework4 webForm

This situation is a little more troublesome than framework2.0. You need to declare ValidateRequest = "false" on the top of the page, and further modify it in the web. config file to add or modify it in web. config.

<HttpRuntime requestValidationMode = "2.0" type = "codeph" text = "/codeph"/>

ASP. MVC website

Step 1: Modify the web. config file. If it is for files in a directory, you can directly create a web. config File (web. the config file has the "proximity principle", which repeats the defined attributes to the web closest to the page. in the <system. web> Add under Node

<Pages validateRequest = "false"> </pages>

(If You Need To disable verification for most files, you can directly modify the web. config file under the root directory of the website)

In step 2, you need to add the [ValidateInput (false)] attribute to the Action method corresponding to the page to indicate canceling verification.

Step 3: Use the Html. Raw () method to output html content on the displayed page, because the html Escape function is used by default.

The above is all the content of this article. I hope you will like it.