日期:2014-05-19  浏览次数:20472 次

调用Ajax之后弹出页面,主画面报错
一个页面上,有一个按钮,点击之后用Ajax访问了一下DB,根据结果,弹出一个页面。
hidAjaxRtn是主画面上的一个hidden,用来放Ajax画面写回的内容。
结果现在弹出后,主页面马上就会报错(弹出页面正常),错误如下:

A   potentially   dangerous   Request.Form   value   was   detected   from   the   client   (hidAjaxRtn= "HAVE   <!DOCTYPE   HTML   PUBLI... ").  
Description:   Request   Validation   has   detected   a   potentially   dangerous   client   input   value,   and   processing   of   the   request   has   been   aborted.   This   value   may   indicate   an   attempt   to   compromise   the   security   of   your   application,   such   as   a   cross-site   scripting   attack.   You   can   disable   request   validation   by   setting   validateRequest=false   in   the   Page   directive   or   in   the   configuration   section.   However,   it   is   strongly   recommended   that   your   application   explicitly   check   all   inputs   in   this   case.  

Exception   Details:   System.Web.HttpRequestValidationException:   A   potentially   dangerous   Request.Form   value   was   detected   from   the   client   (hidAjaxRtn= "HAVE   <!DOCTYPE   HTML   PUBLI... ").

Source   Error:  

An   unhandled   exception   was   generated   during   the   execution   of   the   current   web   request.   Information   regarding   the   origin   and   location   of   the   exception   can   be   identified   using   the   exception   stack   trace   below.    

Stack   Trace:  


[HttpRequestValidationException   (0x80004005):   A   potentially   dangerous   Request.Form   value   was   detected   from   the   client   (hidAjaxRtn= "HAVE
<!DOCTYPE   HTML   PUBLI... ").]
      System.Web.HttpRequest.ValidateString(String   s,   String   valueName,   String   collectionName)
      System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection   nvc,   String   collectionName)
      System.Web.HttpRequest.get_Form()   +113
      System.Web.UI.Page.GetCollectionBasedOnMethod()
      System.Web.UI.Page.DeterminePostBackMode()
      System.Web.UI.Page.ProcessRequestMain()
      System.Web.UI.Page.ProcessRequest()
      System.Web.UI.Page.ProcessRequest(HttpContext   context)
      System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
      System.Web.HttpApplication.ExecuteStep(IExecutionStep   step,   Boolean&   completedSynchronously)

------解决方案--------------------
在aspx文件最上面一行加上 ValidateRequest= "false ",如下所示:

<%@ Page Language= "C# " AutoEventWireup= "true " CodeFile= "DocContent.aspx.cs " Inherits= "Edit_Docs_DocContent " Va