问题描述
我想允许用户在只有一个单一的文本框中输入HTML。我知道这是可能的Page指令改变ValidateRequest假以取消保护。
I'm wanting to allow users to enter HTML in only a single textbox. I understand it's possible to change ValidateRequest in the Page directive to false in order to remove protection.
我猜,这使得HTML在页面上的任何文本框输入。反正是有适用ValidateRequest =假只有一个单一的控制?
I'm guessing that this allows HTML to be entered in any textbox on the page. Is there anyway to apply ValidateRequest=False on only a single control?
感谢您的帮助。
推荐答案
没有,请求验证是为整个请求或没有。
No, the request validation is for the entire request or nothing.
验证加为默认保护开发谁是无能输入验证。如果你知道,所有的输入必须被视为不安全的,知道如何正确地连接,您从输入用它来保护自己的东西如SQL注入和跨站脚本code的数据,你可以把验证过。
The validation was added as a default to protect developers who are clueless about input validation. If you know that all input has to be treated as unsafe and know how to properly encode data that you use from the input to protect yourself from things like SQL injection and cross site scripting, you can turn the validation off.
更新:在.NET 4.5的<$c$c>ValidateRequestMode$c$c>加入财产,它允许从页面验证全球排除控制。
Update: In .NET 4.5 the ValidateRequestMode
property was added, which allows excluding controls from the page global validation.
这篇关于ValidateRequest =&QUOT;假&QUOT;单一控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!