c# - 更改HttpContext.Request.InputStream(Change HttpContext.Request.InputStream)

Question

I am getting lot of errors for HttpRequestValidationException in my event log.

(我的事件日志中出现HttpRequestValidationException的许多错误。)

Is it possible to HTMLEncode all the inputs from override of ProcessRequest on web page.

(是否可以对网页上的ProcessRequest进行覆盖来对所有输入进行HTMLEncode。)

I have tried this but it gives context.Request.InputStream.CanWrite == false always.

(我已经尝试过了，但是它总是提供context.Request.InputStream.CanWrite == false。)

Is there any way to HTMLEncode all the feilds when request is made?

(提出请求后，有什么方法可以对所有字段进行HTMLEncode？)

public override void ProcessRequest(HttpContext context)
            {
                if (context.Request.InputStream.CanRead)
                {
                    IEnumerator en = HttpContext.Current.Request.Form.GetEnumerator();
                    while (en.MoveNext())
                    {
                        //Response.Write(Server.HtmlEncode(en.Current + " = " +
                        //HttpContext.Current.Request.Form[(string)en.Current]));
                    }

                    long nLen = context.Request.InputStream.Length;
                    if (nLen > 0)
                    {
                        string strInputStream = string.Empty;

                        context.Request.InputStream.Position = 0;
                        byte[] bytes = new byte[nLen];
                        context.Request.InputStream.Read(bytes, 0, Convert.ToInt32(nLen));
                        strInputStream = Encoding.Default.GetString(bytes);
                        if (!string.IsNullOrEmpty(strInputStream))
                        {
                            List<string> stream = strInputStream.Split('&').ToList<string>();
                            Dictionary<int, string> data = new Dictionary<int, string>();
                            if (stream != null && stream.Count > 0)
                            {
                                int index = 0;
                                foreach (string str in stream)
                                {
                                    if (str.Length > 3 && str.Substring(0, 3) == "txt")
                                    {
                                        string textBoxData = str;
                                        string temp = Server.HtmlEncode(str);
                                        //stream[index] = temp;
                                        data.Add(index, temp);
                                        index++;
                                    }
                                }

                                if (data.Count > 0)
                                {
                                    List<string> streamNew = stream;
                                    foreach (KeyValuePair<int, string> kvp in data)
                                    {
                                        streamNew[kvp.Key] = kvp.Value;
                                    }

                                    string newStream = string.Join("", streamNew.ToArray());

                                    byte[] bytesNew = Encoding.Default.GetBytes(newStream);

                                    if (context.Request.InputStream.CanWrite)
                                    {

                                        context.Request.InputStream.Flush();
                                        context.Request.InputStream.Position = 0;
                                        context.Request.InputStream.Write(bytesNew, 0, bytesNew.Length);
                                        //Request.InputStream.Close();
                                        //Request.InputStream.Dispose();
                                    }
                                }
                            }
                        }
                    }
                }


                base.ProcessRequest(context);
            }

  ask by user320478 translate from so

Answer 1

您必须提供属性validateRequest = false并手动对用户输入进行必要的验证。

<%@ Page language="c#" validateRequest="false" Codebehind="TestForm.aspx.cs" AutoEventWireup="false" Inherits="TestForm" %>