我们如何在一个信号中发送 html 标签?
How can we send html tags in onesignal?
我需要使用基于 vb.net 的网络服务中的信号向客户端发送消息。这些消息在 html 标签之间发送,例如:<html><body>message<a href="...">link</a>text,但每当我尝试通过一个信号发送它时,我都会收到此错误:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (pushMessage="message<a>link</a>text").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
有人可以提出通过 onesignal 发送 html 数据的解决方案吗?
此错误似乎发生在您的服务器端,而不是 OneSignal。
以下是 Microsoft 关于此错误消息的指南:https://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception(v=vs.110).aspx
上面link中的备注部分解释了如何解决这个问题,引用:
Constraining and validating user input is essential in a Web
application to prevent hacker attacks that rely on malicious input
strings. Cross-site scripting attacks are one example of such hacks.
Other types of malicious or undesired data can be passed in a request
through various forms of input. By limiting the kinds of data that is
passed at a low level in an application, you can prevent undesirable
events, even when programmers who are using your code do not put the
proper validation techniques in place.
Request validation detects
potentially malicious client input and throws this exception to abort
processing of the request. A request abort can indicate an attempt to
compromise the security of your application, such as a cross-site
scripting attack. It is strongly recommended that your application
explicitly check all input regarding request aborts. However, you can
disable request validation by setting the validateRequest attribute in
the directive to false, as shown in the following example: <%@ Page validateRequest="false" %> To disable request validation for your
application, you must modify or create a Web.config file for your
application and set the validateRequest attribute of the pages section
to false, as shown in the following example:
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
To disable request validation for all applications
on your server, you can make this modification to the Machine.config
file.
我需要使用基于 vb.net 的网络服务中的信号向客户端发送消息。这些消息在 html 标签之间发送,例如:<html><body>message<a href="...">link</a>text,但每当我尝试通过一个信号发送它时,我都会收到此错误:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (pushMessage="message<a>link</a>text").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
有人可以提出通过 onesignal 发送 html 数据的解决方案吗?
此错误似乎发生在您的服务器端,而不是 OneSignal。
以下是 Microsoft 关于此错误消息的指南:https://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception(v=vs.110).aspx
上面link中的备注部分解释了如何解决这个问题,引用:
Constraining and validating user input is essential in a Web application to prevent hacker attacks that rely on malicious input strings. Cross-site scripting attacks are one example of such hacks. Other types of malicious or undesired data can be passed in a request through various forms of input. By limiting the kinds of data that is passed at a low level in an application, you can prevent undesirable events, even when programmers who are using your code do not put the proper validation techniques in place.
Request validation detects potentially malicious client input and throws this exception to abort processing of the request. A request abort can indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. It is strongly recommended that your application explicitly check all input regarding request aborts. However, you can disable request validation by setting the validateRequest attribute in the directive to false, as shown in the following example:
<%@ Page validateRequest="false" %>To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the pages section to false, as shown in the following example:
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
To disable request validation for all applications on your server, you can make this modification to the Machine.config file.