A potentially dangerous Request Path value was detected from
A potentially dangerous Request.Path value was detected from the client
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
這是因為上述地址中有*這個特殊字元存在。
如果你想不讓ASP.net 替你攔截這些特殊字元,你需要設定如下Web.config的節:
<?xml version="1.0"?><configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"><system.web><httpRuntime requestPathInvalidCharacters="" /></system.web></configuration>
注意其中的requestPathInvalidCharacters
即,不設定這個屬性,預設就是如下設定:
<?xml version="1.0"?><configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"><system.web><httpRuntime requestPathInvalidCharacters="<,>,*,%,:,&,/" /></system.web></configuration>
如果你想這些字元全部不受限制,就應該設定 requestPathInvalidCharacters="" , 如果是部分字元受限制,部分字元不受限制,就需要在 requestPathInvalidCharacters 中設定需要受限制的字元,不受限制的不用設定。
參考資料:
Experiments in Wackiness: Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL http://www.budoou.com/article/981320/