是的。下面的类实现IHttpModule接口和寄存器以及在发生HttpRequestValidationException检查之前触发的事件。它检查请求是否为POST,并且“testinput”不为空,然后HTML将其编码。该类需要作为httpModule在Web.config中注册。
类...
using System;
using System.Collections.Specialized;
using System.Reflection;
using System.Web;
public class PrevalidationSanitizer : System.Web.IHttpModule
{
private HttpApplication httpApp;
public void Init(HttpApplication httpApp)
{
this.httpApp = httpApp;
httpApp.PreRequestHandlerExecute += new System.EventHandler(PreRequestHandlerExecute_Event);
}
public void Dispose() { }
public void PreRequestHandlerExecute_Event(object sender, System.EventArgs args)
{
NameValueCollection form = httpApp.Request.Form;
Type type = form.GetType();
PropertyInfo prop = type.GetProperty("IsReadOnly", BindingFlags.Instance
| BindingFlags.IgnoreCase | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy);
prop.SetValue(form, false, null);
if (httpApp.Request.RequestType == "POST" != null
&& httpApp.Request.Form["testinput"])
httpApp.Request.Form.Set("testinput"
, httpApp.Server.HtmlEncode(httpApp.Request.Form["testinput"]));
}
}
的web.config项...
<system.web>
<httpModules>
<add type="PrevalidationSanitizer" name="PrevalidationSanitizer" />
...
这是张贴我没有控制数据的应用程序。我打算将整个供应商应用程序从asp转换为aspx。我正在等待回应,希望我能够改变表格行动,但我不确定这个部门的灵活性。 – Dave 2009-06-29 14:13:03