如何解决“未定义 ASPx”错误变成“潜在危险的 Request.Path”异常?
Posted
技术标签:
【中文标题】如何解决“未定义 ASPx”错误变成“潜在危险的 Request.Path”异常?【英文标题】:How to solve "ASPx is not defined" error which turned into "potentially dangerous Request.Path" exception? 【发布时间】:2017-06-04 23:20:32 【问题描述】:背景
我在 MVC 站点中遇到了关于捆绑和重定向的问题。该站点项目由默认路由中的桌面版本和单独区域中的移动友好主题组成。两个主题都使用捆绑配置,如下所示。
// BundleConfig.cs
using System.Web.Optimization;
public class BundleConfig
public static void RegisterBundles(BundleCollection bundles)
bundles.Add(new ScriptBundle("~/bundles/jquery").Include(
"~/Scripts/jquery-*"));
bundles.Add(new ScriptBundle("~/bundles/jqueryval").Include(
"~/Scripts/jquery.validate*"));
bundles.Add(new ScriptBundle("~/bundles/jquerymobile").Include(
"~/Scripts/jquery-1.*", "~/Scripts/jquery-ui-1.*", "~/Scripts/jquery.mobile-version.js"));
bundles.Add(new StyleBundle("~/Content/jquerymobile/css").Include(
"~/Content/jquery.mobile-version.css"));
bundles.Add(new StyleBundle("~/Content/css").Include("~/Content/Site.css"));
bundles.Add(new StyleBundle("~/Content/themes/base/css").Include(
"~/Content/themes/base/jquery.ui.core.css",
"~/Content/themes/base/jquery.ui.resizable.css",
"~/Content/themes/base/jquery.ui.selectable.css",
"~/Content/themes/base/jquery.ui.accordion.css",
"~/Content/themes/base/jquery.ui.autocomplete.css",
"~/Content/themes/base/jquery.ui.button.css",
"~/Content/themes/base/jquery.ui.dialog.css",
"~/Content/themes/base/jquery.ui.slider.css",
"~/Content/themes/base/jquery.ui.tabs.css",
"~/Content/themes/base/jquery.ui.datepicker.css",
"~/Content/themes/base/jquery.ui.progressbar.css",
"~/Content/themes/base/jquery.ui.theme.css"));
在 Global.asax 中注册的包如下:
// Global.asax
protected void Application_Start()
BundleConfig.RegisterBundles(BundleTable.Bundles);
请注意,如果使用版本 3 (details),由于 jquery.mobile-1.4.5 中的“绑定不是函数”错误,我对桌面(当前为 3.1.1)和移动主题(当前为 1.12.4)使用了不同的 jQuery 版本.
两个主题的布局视图如下:
桌面(带有 DevExpress 主题)
@using System.Web.Optimization
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, user-scalable=no, maximum-scale=1.0, minimum-scale=1.0" />
<title>@ViewBag.Title</title>
<link href="@Url.Content("~/Content/Site.css")" rel="stylesheet" type="text/css" />
@
Scripts.Render("~/bundles/jquery");
Scripts.Render("~/bundles/jqueryval");
Styles.Render("~/Content/css");
@Html.DevExpress().GetStyleSheets(
new StyleSheet ExtensionSuite = ExtensionSuite.NavigationAndLayout ,
new StyleSheet ExtensionSuite = ExtensionSuite.Editors ,
new StyleSheet ExtensionSuite = ExtensionSuite.HtmlEditor ,
new StyleSheet ExtensionSuite = ExtensionSuite.GridView ,
new StyleSheet ExtensionSuite = ExtensionSuite.CardView ,
new StyleSheet ExtensionSuite = ExtensionSuite.PivotGrid ,
new StyleSheet ExtensionSuite = ExtensionSuite.Chart ,
new StyleSheet ExtensionSuite = ExtensionSuite.Report ,
new StyleSheet ExtensionSuite = ExtensionSuite.Scheduler ,
new StyleSheet ExtensionSuite = ExtensionSuite.TreeList ,
new StyleSheet ExtensionSuite = ExtensionSuite.RichEdit ,
new StyleSheet ExtensionSuite = ExtensionSuite.Spreadsheet ,
new StyleSheet ExtensionSuite = ExtensionSuite.SpellChecker
)
@Html.DevExpress().GetScripts(
new Script ExtensionSuite = ExtensionSuite.NavigationAndLayout ,
new Script ExtensionSuite = ExtensionSuite.HtmlEditor ,
new Script ExtensionSuite = ExtensionSuite.GridView ,
new Script ExtensionSuite = ExtensionSuite.CardView ,
new Script ExtensionSuite = ExtensionSuite.PivotGrid ,
new Script ExtensionSuite = ExtensionSuite.Editors ,
new Script ExtensionSuite = ExtensionSuite.Chart ,
new Script ExtensionSuite = ExtensionSuite.Report ,
new Script ExtensionSuite = ExtensionSuite.Scheduler ,
new Script ExtensionSuite = ExtensionSuite.TreeList ,
new Script ExtensionSuite = ExtensionSuite.RichEdit ,
new Script ExtensionSuite = ExtensionSuite.Spreadsheet ,
new Script ExtensionSuite = ExtensionSuite.SpellChecker
)
<script src="@Url.Content("~/Scripts/jquery.unobtrusive-ajax.js")" type="text/javascript"></script>
</head>
<body>
<div>
<form id="form1" enctype="multipart/form-data" method="post">
@Html.DevExpress().Splitter(settings =>
settings.Name = "MainSplitter";
settings.AllowResize = false;
settings.Orientation = System.Web.UI.WebControls.Orientation.Vertical;
settings.FullscreenMode = true;
settings.SeparatorVisible = false;
settings.Styles.Pane.Border.BorderWidth = System.Web.UI.WebControls.Unit.Pixel(0);
settings.Styles.Pane.Paddings.Padding = System.Web.UI.WebControls.Unit.Pixel(0);
settings.Theme = AristaHRM.Theme.SelectTheme;
settings.Panes.Add(pane =>
pane.Name = "Header";
pane.PaneStyle.BorderBottom.BorderWidth = System.Web.UI.WebControls.Unit.Pixel(1);
pane.PaneStyle.CssClass = "headerPane";
pane.SetContent(() =>
Html.RenderPartial("HeaderPartialView", HeaderViewRenderMode.Full);
);
);
settings.Panes.Add(pane =>
pane.Name = "Content";
pane.AutoHeight = true;
pane.PaneStyle.CssClass = "mainContentPane";
pane.MinSize = System.Web.UI.WebControls.Unit.Pixel(375);
pane.ScrollBars = ScrollBars.Auto;
pane.PaneStyle.BackColor = System.Drawing.Color.White;
pane.PaneStyle.BorderBottom.BorderWidth = System.Web.UI.WebControls.Unit.Pixel(1);
pane.SetContent(RenderBody().ToHtmlString());
);
settings.Panes.Add(pane =>
pane.Name = "Footer";
pane.Size = System.Web.UI.WebControls.Unit.Pixel(45);
pane.PaneStyle.CssClass = "footerPane";
pane.SetContent(() =>
Html.RenderPartial("FooterPartialView");
);
);
).GetHtml()
</form>
</div>
</body>
</html>
Mobile(带有 jQuery 移动主题)
@using System.Web.Optimization
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>@ViewBag.Title</title>
@
@Scripts.Render("~/bundles/jquerymobile");
@Scripts.Render("~/bundles/jqueryval");
@Styles.Render("~/Content/themes/base/css");
@Styles.Render("~/Content/jquerymobile/css");
<script src="@Url.Content("~/Scripts/jquery.unobtrusive-ajax.js")" type="text/javascript"></script>
</head>
<body>
<div data-role="page" data-theme="b" style="overflow:scroll">
<div data-role="header">
<h1>Mobile HRM</h1>
</div>
<div data-role="header" style="text-align:center">
@if (IsSectionDefined("Title"))
@RenderSection("Title")
</div>
<div data-role="content" style="overflow:scroll">
@RenderBody()
</div>
<div data-role="footer" style="text-align:center">
@* this link redirects to Desktop theme as root site *@
@Html.ActionLink("Desktop View", "Index", "Home", new area = "" , new id = "button" )
</div>
</div>
<script type="text/javascript">
$(document).on('mobileinit', function ()
$.mobile.ajaxEnabled = false;
);
$(document).on('pageshow', '[data-role=page]', function ()
$(window).resize();
);
</script>
@RenderSection("Scripts", required: false)
</body>
</html>
问题陈述
通过以上设置,我成功进入移动区域,网址为/Mobile/Home/Index(注意移动区域索引页面使用移动布局)。但是,当我尝试通过“桌面视图”链接切换到桌面主题时,控制台出现错误:
在 Debugger 选项卡中签入的是 window.execScript:
( window.execScript || function( data )
window[ "eval" ].call( window, data ); // jscs:ignore requireDotNotation
)( data );
但是如果我点击控制台右侧提供的错误链接(见上图),它会显示一个查看源页面,其中包含一些错误详细信息:
System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (>).
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (>).]
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9560004
at System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53
如何解决这个区域重定向问题?
注意:我搜索了异常详细信息 (see results) 中给出的消息,并怀疑在重定向到根站点时提交了非法字符,但我无法弄清楚移动布局页面的哪个部分导致了问题。
【问题讨论】:
【参考方案1】:在 jQuery Mobile 框架中,为了启用动画页面转换,所有指向外部页面的链接都将通过 Ajax 加载。框架解析链接的 href 以制定 Ajax 请求。所有这些都是由 jQuery Mobile 自动完成的。我认为这种机制可能是您的问题的原因。 您可以尝试将属性 data-ajax="false" 添加到“桌面”链接。它将导致整个页面刷新而没有动画过渡。
@Html.ActionLink("Desktop View", "Index", "Home", new area = "", , new id = "button", data_ajax = "false" )
【讨论】:
嗯,现在可以通过在按钮链接上添加data-ajax 属性来正常工作,但我很好奇为什么即使我在移动布局中有$.mobile.ajaxEnabled = false,我仍然需要该属性(@987654321 @)?
我认为原因是您在实际加载 jQuery Mobile 之前绑定到 mobileinit。您应该尝试将其绑定到 $(document).ready 事件【参考方案2】:
我正在将 Web 应用程序从一台服务器传输到另一台服务器,但该应用程序无法正常运行。 devexpress 控件没有正确加载并且有很多 JavaScript 错误。
然后在我关闭 Plesk 面板中的 Web 应用程序防火墙后它就起作用了。
【讨论】:
以上是关于如何解决“未定义 ASPx”错误变成“潜在危险的 Request.Path”异常?的主要内容,如果未能解决你的问题,请参考以下文章
从客户端中检测到有潜在危险的 request.form值[解决方法]
从客户端中检测到有潜在危险的 request.form值[解决方法]
瑞典语字符在 Ajax 调用中给出潜在危险的 request.form 值错误