I have a URL
var s='<p></p>'
url:" a.ashx?id=1&postcontext="+s
On entering the ashx page it reports: A potentially dangerous Request.QueryString value was detected from the client. It doesn't accept <p></p>.
I tried encodeURIComponent(s)
and encodeURI(s); neither works.
You can define some rule and then convert it back in the ashx you are jumping to, and that will do it.
For example
var s='pbiaoji'
url:" a.ashx?id=1&postcontext="+s
Then in the ashx just convert pbiaoji back to <p></p>.
url:"a.ashx?id=1&postcontext="+escape(s)
function () {
    var title = $("#lable_title").html();
    var fck = FCKeditorAPI.GetInstance("FCKeditor1");
    var context = fck.GetHTML();
    if (!confirm('确定要提交信息?'))
        return false;
    $.ajax({
        type: "post",
        url: "../DataHandlers/BBS/Bbs_Edit.aspx?method=postedit&id=" + GetQueryStringValue("id") + "&title=" + encodeURIComponent(title) + "&postcontext=" + encodeURIComponent(context) + "&typeid=" + GetQueryStringValue("typeid"),
        success: function (status) {
            if (status == 0) {
                hiddenFck();
                alert('信息已提交 待审核');
            }
            else
                alert('数据错误')
        },
        error: function () { alert('error') }
    });
}
);
..Backend handling
protected void Page_Load(object sender, EventArgs e)
{
    string method = Request["method"];
    if (method != null)
    {
        string msg = string.Empty;
        string typeid = Request["typeid"];
        switch (method)
        {
            case "postedit":
                string id = Request["id"];
                string title = Request["title"];
                string post_context = Request["postcontext"];
                Bbs_Posting info = new Bbs_Posting();
                info.Title = title;
                info.Context = post_context;
                info.CreatedBy = int.Parse(EFContext.Current.UserIdentity);
                info.Created = DateTime.Now;
                if (!id.IsNullOrEmpty())
                    info.PId = int.Parse(id);
                if (!typeid.IsNullOrEmpty())
                    info.TypeId = int.Parse(typeid);
                if (IBbs_ManagersService.EditPost(info))
                    Response.WriteAndEnd((byte)AjaxResponseCode.Success);
                else
                    Response.WriteAndEnd((byte)AjaxResponseCode.DataError);
                break;
            default:
                break;
        }
    }
}
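It errors as soon as it reaches the backend.
It reports a dangerous string
<%@ Page Language="C#" ValidateRequest="false" AutoEventWireup="true" CodeBehind="Bbs_Edit.aspx.cs" Inherits="EFInsurance.Web.DataHandlers.BBS.Bbs_Edit" %>
The problem is that I have no idea where characters like this will show up.
The whole thing is HTML,
<a href=""></a> and so on,
and all of it triggers the error.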
<pages validateRequest="false" enableSessionState="true" enableViewState="true"/>
Encode the submitted string with server.htmldecode("字符串")
Dude, haven't I already written that?
You can't disable it for Request.QueryString.
You can do it like this:
var s="&lt;p&gt;&lt;/p&gt;"
url:" a.ashx?id=1&postcontext="+s
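
Added example (not from any poster in this thread): a small JavaScript model comparing the encodings tried above, showing which ones leave a raw `<p>` in the value the handler receives and which ones let the handler recover the original HTML. The `looksDangerous` check is a simplified assumption about what ASP.NET request validation rejects, `htmlEntityDecode` stands in for the server-side decode, and all function names are illustrative.

```javascript
// Added example. Simplified model (assumption) of ASP.NET request validation:
// reject "<" followed by a letter, "!", "/" or "?", and the sequence "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]/.test(value) || value.includes("&#");
}

// Entity-encode markup. Single quotes are left alone on purpose:
// "&#39;" contains "&#", which the check above rejects.
function htmlEntityEncode(html) {
  return html.replace(/&/g, "&amp;").replace(/</g, "&lt;")
             .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Stand-in for Server.HtmlDecode; "&amp;" goes last to avoid double decoding.
function htmlEntityDecode(text) {
  return text.replace(/&lt;/g, "<").replace(/&gt;/g, ">")
             .replace(/&quot;/g, '"').replace(/&amp;/g, "&");
}

// The server percent-decodes the query string before validating it;
// URLSearchParams reproduces that parsing here.
function serverSees(url, key) {
  return new URLSearchParams(url.slice(url.indexOf("?") + 1)).get(key);
}

const attempts = {
  raw: (s) => s,
  percentOnly: (s) => encodeURIComponent(s),
  entityOnly: (s) => htmlEntityEncode(s),
  entityThenPercent: (s) => encodeURIComponent(htmlEntityEncode(s)),
};

// For each strategy: would validation reject it, and does the handler
// recover the original HTML after decoding?
function evaluate(html) {
  const result = {};
  for (const [name, encode] of Object.entries(attempts)) {
    const received = serverSees("a.ashx?id=1&postcontext=" + encode(html), "postcontext");
    result[name] = {
      rejected: looksDangerous(received),
      recovered: htmlEntityDecode(received) === html,
    };
  }
  return result;
}

const sample = '<p><a href="x?a=1&b=2">link</a></p>'; // constructed input
console.log(evaluate(sample));
// The decoded value is untrusted HTML: sanitize it before storing or rendering.
```

Only `entityThenPercent` is both accepted and recoverable: percent-encoding alone is undone before validation, and entity-encoding alone puts bare `&` characters in the URL, which split the query string and empty the `postcontext` value.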