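Optimal security handling after submitting HTML tags in ASP.NET
ASP.Net 1.1 and later introduced the ability to automatically check submitted forms for XSS (cross-site scripting attacks). When a user tries to affect the page's returned result with that kind of input, the ASP.Net engine raises an HttpRequestValidationException. By default, a page with the following text is returned:
The following is a quoted fragment: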
Server Error in '/YourApplicationPath' Application
A potentially dangerous Request.Form value was detected from the client
(txtName="<b>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtName="<b>").
....
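This is a very important security feature provided by ASP.Net. Many programmers have no concept of security and do not even know that attacks such as XSS exist; fewer still know to defend against them proactively. On this point ASP.Net is secure by default, so programmers who do not know much about security can still write websites with a certain level of protection.
However, when I searched Google for HttpRequestValidationException or "A potentially dangerous Request.Form value was detected from the client", I was surprised to find that the solution most people give is to disable this feature by setting validateRequest=false in the ASP.Net page directive, without caring whether that programmer's website really does not need the feature. Reading this made me shudder. Security awareness should be in every programmer's mind at all times; however much you know about security concepts, keeping an active awareness in your head will make your site much safer.
Why do so many programmers want to disable validateRequest? Some of them really do need users to enter characters such as "<>". That needs no further discussion. Others do not actually allow users to enter the characters that easily lead to XSS; they simply dislike the form this error takes. After all, a long block of English plus a typical ASP.Net exception message makes it look as if the site itself has failed, rather than that the user entered illegal characters, yet they do not know how to keep ......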
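One way to serve the second group described above: keep request validation enabled and replace only the default error page with a plain message. This is an added example, not code from the original article; the class name `Global`, the 400 status code and the message text are assumptions.

```csharp
// Global.asax.cs (added example; class name and message text are assumptions)
using System;
using System.Web;

public class Global : HttpApplication
{
    // Runs for any exception that no page or control handled.
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();

        // The validation failure may arrive directly or as the InnerException
        // of a wrapper exception, so check both.
        HttpRequestValidationException rejected =
            ex as HttpRequestValidationException ??
            (ex != null ? ex.InnerException as HttpRequestValidationException : null);

        if (rejected == null)
        {
            return; // not a validation failure: leave normal error handling alone
        }

        // Validation itself stays on; only the presentation of the rejection changes.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400;
        Response.ContentType = "text/html; charset=utf-8";

        // Fixed text only: the rejected value is never echoed back to the browser.
        Response.Write(
            "<html><body><p>Your input contained characters that are not " +
            "allowed, such as HTML tags. Please go back and edit it.</p></body></html>");

        // Skip the rest of the pipeline once the response has been written.
        CompleteRequest();
    }
}
```

Pages that genuinely must accept markup and therefore set validateRequest=false still need every stored or echoed value passed through `HttpUtility.HtmlEncode` before it is written to the response.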