本文整理汇总了C#中System.Web.HttpRequest.ValidateInput方法的典型用法代码示例。如果您正苦于以下问题:C# HttpRequest.ValidateInput方法的具体用法?C# HttpRequest.ValidateInput怎么用?C# HttpRequest.ValidateInput使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Web.HttpRequest的用法示例。
在下文中一共展示了HttpRequest.ValidateInput方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: ValidateInput_XSS_Null
// Request-validation check for a script tag with an encoded NUL ("%00")
// placed between '<' and "SCRIPT" in the query string.
public void ValidateInput_XSS_Null ()
{
    string encodedUrl = "http://secunia.com/?test=<%00SCRIPT>alert(document.cookie)</SCRIPT>";
    string url = HttpUtility.UrlDecode (encodedUrl);

    // Split the decoded text at the first '?': everything before it, and the query string after it.
    int queryMark = url.IndexOf ('?');
    string beforeQuery = url.Substring (0, queryMark);
    string query = url.Substring (queryMark + 1);

    HttpRequest request = new HttpRequest (null, beforeQuery, query);
    request.ValidateInput ();

    // Reading QueryString is expected to throw, so the comparison below is
    // never reached. The attribute declaring the expected exception is not
    // visible in this listing - presumably HttpRequestValidationException;
    // confirm against the fixture.
    string actual = request.QueryString ["test"];
    Assert.AreEqual ("<SCRIPT>alert(document.cookie)</SCRIPT>", actual, "QueryString");
}
示例2: ValidateInput_XSS_Unicode
// Request-validation check for a script tag written with the fullwidth
// angle brackets U+FF1C / U+FF1E (encoded as %uff1c / %uff1e) instead of
// ASCII '<' and '>'.
public void ValidateInput_XSS_Unicode ()
{
    string encodedUrl = "http://server.com/attack2.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e";
    string url = HttpUtility.UrlDecode (encodedUrl);

    // Split the decoded text at the first '?': everything before it, and the query string after it.
    int queryMark = url.IndexOf ('?');
    string beforeQuery = url.Substring (0, queryMark);
    string query = url.Substring (queryMark + 1);

    HttpRequest request = new HttpRequest (null, beforeQuery, query);
    request.ValidateInput ();

    // Reading QueryString is expected to throw, so the comparison below is
    // never reached. The attribute declaring the expected exception is not
    // visible in this listing - presumably HttpRequestValidationException;
    // confirm against the fixture.
    // Each \x escape in the expected literal carries four hex digits, so the
    // letters that follow ("script", "alert") are not absorbed into it.
    string actual = request.QueryString ["test"];
    Assert.AreEqual ("\xff1cscript\xff1ealert('vulnerability')\xff1c/script\xff1e", actual, "QueryString");
}
示例3: HttpException
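/// <summary>
/// Renders the trace viewer page for the current request.
/// The handler refuses to run (HTTP 403) when the deployment is retail, or when
/// the request is not local and the profile is restricted to local requests.
/// Otherwise it writes the page header and then, depending on the query string:
/// "clear" resets the collected trace data and redirects to the same URL without
/// its query string; "id" shows the details of one collected data set; anything
/// else lists all collected requests.
/// </summary>
/// <param name="context">The context of the request being served.</param>
/// <exception cref="HttpException">
/// Thrown with status 403 when the handler is disabled for this request, and
/// thrown again (after the page header has been written) when tracing is not
/// enabled in configuration.
/// </exception>
void IHttpHandler.ProcessRequest(HttpContext context) {
    // VSWhidbey 448844: Disable handler if retail is set to true
    if (DeploymentSection.RetailInternal ||
        (!context.Request.IsLocal && HttpRuntime.Profile.LocalOnly)) {
        HttpException e = new HttpException(403, null);
        e.SetFormatter(new TraceHandlerErrorFormatter(!DeploymentSection.RetailInternal));
        throw e;
    }

    _context = context;
    _response = _context.Response;
    _request = _context.Request;
    _writer = Page.CreateHtmlTextWriterInternal(_response.Output, _request);

    // if we're in integrated mode, we need to set the content type explicitly
    if (context.WorkerRequest is IIS7WorkerRequest) {
        _response.ContentType = _request.Browser.PreferredRenderingMime;
    }

    if (_writer == null) {
        // Can't create a writer, horked at this point, just return
        return;
    }

    // Tracing is switched off for the viewer's own request.
    _context.Trace.IsEnabled = false;

    // Validate the input to prevent XSS attacks.
    // This is requested before any query-string value ("clear", "id") is read below.
    _request.ValidateInput();

    _writer.Write("<html>\r\n");
    _writer.Write("<head>\r\n");
    _writer.Write(StyleSheet);
    _writer.Write("</head>\r\n");
    _writer.Write("<body>\r\n");
    _writer.Write("<span class=\"tracecontent\">\r\n");

    if (!HttpRuntime.Profile.IsConfigEnabled) {
        HttpException e = new HttpException();
        e.SetFormatter(new TraceHandlerErrorFormatter(false));
        throw e;
    }

    IList datasets = HttpRuntime.Profile.GetData();

    // first check if we should clear data
    // NOTE(review): the reset is triggered by a plain GET parameter; the only gate
    // visible in this method is the retail / local-only check at the top. Confirm
    // that is the intended level of protection for a state-changing action.
    if (_request.QueryString["clear"] != null) {
        HttpRuntime.Profile.Reset();
        string url = _request.RawUrl;
        // Redirect to the raw URL with its query string cut off at the first '?'.
        _response.Redirect(url.Substring(0, url.IndexOf("?", StringComparison.Ordinal)));
    }

    // then check if we are drilling down
    // "id" is caller-controlled text: parse it without throwing, so a malformed or
    // overflowing value falls through to the request list exactly like an
    // out-of-range index does, instead of surfacing an unhandled parse exception.
    string strid = _request.QueryString["id"];
    int index;
    if (strid != null
        && Int32.TryParse(strid, NumberStyles.Integer, CultureInfo.InvariantCulture, out index)
        && index >= 0 && index < datasets.Count) {
        ShowDetails((DataSet) datasets[index]);
        ShowVersionDetails();
        _writer.Write("</span>\r\n</body>\r\n</html>\r\n");
        return;
    }

    // if we get here, its just generic request
    ShowRequests(datasets);
    ShowVersionDetails();
    _writer.Write("</span>\r\n</body>\r\n</html>\r\n");
}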