asp.net-mvc-2 – 检测到一个有潜在危险的request.form值,但vali

The request validation feature in ASP.NET provides a certain level of
default protection against cross-site scripting (XSS) attacks. In
previous versions of ASP.NET,request validation was enabled by
default. However,it applied only to ASP.NET pages (.aspx files and
their class files) and only when those pages were executing.

In ASP.NET 4,by default,request validation is enabled for all
requests,because it is enabled before the BeginRequest phase of an
HTTP request. As a result,request validation applies to requests for
all ASP.NET resources,not just .aspx page requests. This includes
requests such as Web service calls and custom HTTP handlers. Request
validation is also active when custom HTTP modules are reading the
contents of an HTTP request.

As a result,request validation errors might now occur for requests
that previously did not trigger errors. To revert to the behavior of
the ASP.NET 2.0 request validation feature,add the following setting
in the Web.config file:

<httpRuntime requestValidationMode="2.0" />

However,we recommend that you analyze any request validation errors to determine whether existing handlers,modules,or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.