admin管理员组文章数量:1435859
I am working on ASP.NET3.5 platform. I have used a file upload control and a asp button to upload a file. Whenever i try to upload a file which contain special characterlike (file#&%.txt) it show crash and give the messeage
--------------------------------------------------------------------------------
Server Error in 'myapplication' Application.
--------------------------------------------------------------------------------
A potentially dangerous Request.Files value was detected from the client
(filename="...\New Text &#.txt").
Description: Request Validation has detected a potentially dangerous client input
value, and processing of the request has been aborted. This value may indicate an
attempt to promise the security of your application, such as a cross-site
scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly remended that your application explicitly check all
inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Files value was detected from the client
(filename="...\New Text &#.txt").
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.
--------------------------------------------------------------------------------
how can i prevent this crash using javascript at client side?
I am working on ASP.NET3.5 platform. I have used a file upload control and a asp button to upload a file. Whenever i try to upload a file which contain special characterlike (file#&%.txt) it show crash and give the messeage
--------------------------------------------------------------------------------
Server Error in 'myapplication' Application.
--------------------------------------------------------------------------------
A potentially dangerous Request.Files value was detected from the client
(filename="...\New Text &#.txt").
Description: Request Validation has detected a potentially dangerous client input
value, and processing of the request has been aborted. This value may indicate an
attempt to promise the security of your application, such as a cross-site
scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly remended that your application explicitly check all
inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Files value was detected from the client
(filename="...\New Text &#.txt").
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.
--------------------------------------------------------------------------------
how can i prevent this crash using javascript at client side?
Share Improve this question edited May 24, 2010 at 6:23 TheVillageIdiot 40.5k22 gold badges135 silver badges192 bronze badges asked May 24, 2010 at 6:15 SubbuSubbu 3,2995 gold badges25 silver badges36 bronze badges3 Answers
Reset to default 2A very simple solution is to validate the filename on click of the button (or some other control) that triggers upload like this and stop upload if there is some problem with filename:
<asp:FileUpload ID="fu1" runat="server" />
<asp:Button ID="btn" runat="server" CausesValidation="true" Text="Click"
OnClientClick="return ValidateFileName();" />
<script type="text/javascript">
function ValidateFileName() {
var fu = document.getElementById("<%= fu1.ClientID %>");
var f = fu.value + "";
if ((f.indexOf("#", 0) >= 0) || (f.indexOf("$", 0) >= 0) ||
(f.indexOf("%", 0) >= 0) || (f.indexOf("^", 0) >= 0)) {
alert("Filename: [" + f + "] contains invalid char");
return false;//will stop button click event here
}
return true;
}
</script>
In an answer similar your other question, you cannot "know" the filename of the files that are being uploaded on the client side, because the browser does not let the javascript see that. As I said on that question, you can use something like SWFupload to give you a bit more control on the client-side and detect this if you like.
You can also take a look at this question for some ideas on how to disable the validation on the server-side.
The ASP.NET page validation just allows you to be lazy and not bother checking your inputs for characters which COULD be used for some sort of attack. However, if you're following good programming practices such as Html.Encode-ing things you display and using parameters for SQL queries, this validation is a lot less useful and I find gets in the way!
Disable it for your file upload page by setting validateRequest=false in the page directive. Just make sure you are checking any other values being entered on that page.
本文标签:
版权声明:本文标题:c# - how can we apply client side validation on fileupload control in ASP.NET to check filename contain special character? - Sta 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745615515a2666376.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论