About validateRequest=false in ASP.Net (request validation)
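validateRequest="false" controls whether IIS validates illegal characters in the data a page submits, such as > and <. When we need to accept HTML with some formatting and insert it into a database, this attribute has to be set to false, for example when you let users make text bold.
ASP.Net 1.1 introduced automatic checking of submitted forms for XSS (cross-site scripting attacks). When a user tries to influence the page's output with input of this kind, the ASP.Net engine raises an HttpRequestValidationException. By default it returns a page with the following text: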
Quoted excerpt:
Server Error in '/YourApplicationPath' Application
A potentially dangerous Request.Form value was detected from the client
(txtName="<b>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtName="<b>").
....
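This is a very important security feature of ASP.Net. Many programmers have no concept of security and do not even know that attacks such as XSS exist, and even fewer know to defend against them proactively. On this point ASP.Net is secure by default, so programmers who do not know much about security can still write websites with a certain level of protection.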
However, when I searched Google for HttpRequestValidationException or "A potentially dangerous Request.Form value was detected from the client", I was surprised to find that the solution most people give is to disable this feature by setting validateRequest=false in the ASP.Net page directive, without caring whether that programmer's website really does not need the feature. Reading this made me shudder. Security awareness should be in every programmer's mind at all times. However much or little you know about security concepts, keeping an active awareness of it in your head will make your site much safer.
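For a page that really must accept formatted HTML and therefore sets validateRequest=false, the explicit input check that the error message calls for can look like the following. This is an added example, not code from the original article; the class name, the method name and the allow-list of tags are assumptions.

```csharp
using System;
using System.Net;

// Added example: explicit input handling for a page that sets validateRequest="false".
public static class CommentFormatter
{
    // Hypothetical allow-list: the only markup users may submit.
    private static readonly string[] AllowedTags = { "b", "i" };

    // Encode everything first, then restore only the exact allowed tags.
    // Call this when rendering the stored value into the page.
    public static string ToSafeHtml(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return string.Empty;

        // "<" becomes "&lt;", ">" becomes "&gt;", quotes are encoded too.
        string encoded = WebUtility.HtmlEncode(raw);

        foreach (string tag in AllowedTags)
        {
            // Only the bare tag is restored; a tag carrying attributes stays encoded.
            encoded = encoded.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            encoded = encoded.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return encoded;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "<b>bold</b> text",
            "<script>alert(1)</script>",
            "<b onmouseover=\"x()\">hover</b>",
        };
        foreach (string s in samples)
            Console.WriteLine(ToSafeHtml(s));
    }
}
```

Anything that is not an exact match for an allowed tag, including upper-case variants and tags with attributes, is left encoded and shows up as literal text. The routine does not balance tags, so an unclosed <b> still needs handling where the value is rendered.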
Why do so many programmers want to disable