c# - How to check if a string will fire the “A potentially dangerous Request.Form value was detected…” error


Similar to this question, I don't care which characters will or won't cause the error to fire. I'm more curious whether there is a method I can call to check, myself, if the current string will fire the above error message.

To give a bit of background, I'm creating random passwords for when a user forgets theirs and needs a reset. Unfortunately, the random password generator "accidentally" created one with "&#" in it recently. This caused the page to break when the user tried to log in with it.

As mentioned in plenty of posts around the topic, ValidateRequest="false" (or <httpRuntime requestValidationMode="2.0" /> in .NET 4.0) can be used to turn off .NET's checking for these exploits, but I don't see a reason to lose a layer of security when I'm the one creating the string in the first place. And telling the random generator to re-randomize on an incomplete list (<, &#, etc.) doesn't seem like the cleanest solution; I'd rather use the same method of checking that .NET is using.

Microsoft's explanation of the exploits in question, and what is being done to guard against them, is here.

This guy talks about finding a function called IsDangerousString after digging in Reflector, but I'm not able to find the function to use it. He's referring to .NET 1.1, and I'm working in .NET 3.5.

The ASP.NET class that validates requests is System.Web.CrossSiteScriptingValidation, and the method you want is IsDangerousString. Unfortunately, both are marked internal, so you can't access them directly. You have several options:

Option 1: Call IsDangerousString via reflection. However, Microsoft could change the method at any time, which would break your application.

Option 2: Decompile IsDangerousString and copy it into your own application. See the code below.

Option 3: Call Membership.GeneratePassword. It returns a password guaranteed to pass request validation.

Excerpts from the ASP.NET CrossSiteScriptingValidation class (via .NET Reflector):

    private static char[] startingChars = new char[] { '<', '&' };

    // Returns true if s contains "<" followed by an ASCII letter, '!', '/' or '?',
    // or "&" followed by '#'. matchIndex receives the position of the last
    // candidate starting character examined.
    internal static bool IsDangerousString(string s, out int matchIndex)
    {
        matchIndex = 0;
        int startIndex = 0;
        while (true)
        {
            int num2 = s.IndexOfAny(startingChars, startIndex);
            if (num2 < 0)
            {
                return false; // no '<' or '&' left in the string
            }
            if (num2 == (s.Length - 1))
            {
                return false; // starting char is the last char; nothing can follow it
            }
            matchIndex = num2;
            char ch = s[num2];
            if (ch != '&')
            {
                if ((ch == '<') && ((IsAtoZ(s[num2 + 1]) || (s[num2 + 1] == '!')) || ((s[num2 + 1] == '/') || (s[num2 + 1] == '?'))))
                {
                    return true;
                }
            }
            else if (s[num2 + 1] == '#')
            {
                return true;
            }
            startIndex = num2 + 1;
        }
    }

    // ASCII letters only; accented or non-Latin letters do not count.
    private static bool IsAtoZ(char c)
    {
        return (((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')));
    }
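As an added example (not from the original post and not ASP.NET's own code), here is option 2 applied to the asker's scenario: the decompiled check ported into a hypothetical SafePasswordGenerator class, a cryptographically random generator that re-rolls any candidate the check would reject, and a few constructed probe strings showing which character pairs trip the validator and which near-misses pass.

```csharp
using System;
using System.Security.Cryptography;
// Hypothetical helper (not ASP.NET code): the decompiled check, ported as-is, plus a generator that re-rolls.
static class SafePasswordGenerator
{
    static readonly char[] StartingChars = { '<', '&' };
    // Same rules as .NET 3.5 CrossSiteScriptingValidation.IsDangerousString:
    // dangerous = '<' followed by an ASCII letter, '!', '/' or '?', or "&#".
    public static bool IsDangerousString(string s, out int matchIndex)
    {
        matchIndex = 0;
        int startIndex = 0;
        while (true)
        {
            int i = s.IndexOfAny(StartingChars, startIndex);
            if (i < 0 || i == s.Length - 1) return false; // no starter, or nothing follows it
            matchIndex = i;
            char n = s[i + 1];
            bool letter = (n >= 'a' && n <= 'z') || (n >= 'A' && n <= 'Z');
            if (s[i] == '<' && (letter || n == '!' || n == '/' || n == '?')) return true;
            if (s[i] == '&' && n == '#') return true;
            startIndex = i + 1;
        }
    }
    // 90 symbols; '<', '&' and '#' are kept on purpose so the re-roll path is exercised.
    const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&()*+,-./:;<=>?@[]^_{|}~";
    public static string Generate(int length, RandomNumberGenerator rng)
    {
        var one = new byte[1]; var chars = new char[length];
        while (true)
        {
            for (int k = 0; k < length; k++)
            {
                do rng.GetBytes(one); while (one[0] >= 180); // reject to keep the draw uniform (256 % 90 != 0)
                chars[k] = Alphabet[one[0] % Alphabet.Length];
            }
            string candidate = new string(chars);
            int at;
            if (!IsDangerousString(candidate, out at)) return candidate; // otherwise re-roll
        }
    }
    static void Main()
    {
        // Constructed probes: the first five are rejected by the validator, the rest are accepted.
        foreach (string s in new[] { "x&#65;", "<script", "a<!--", "</b>", "<?xml", "a&b", "1<2", "&amp;", "<1>", "pw&" })
        { int at; Console.WriteLine("{0,-8} dangerous={1}", s, IsDangerousString(s, out at)); }
        using (var rng = new RNGCryptoServiceProvider()) Console.WriteLine("generated: " + Generate(12, rng));
    }
}
```

Because the port mirrors the .NET 3.5 rules exactly, anything Generate returns will also pass the framework's own validation on that version; on .NET 4.0 and later the internal rules differ, so re-check the decompiled source for the framework you target.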
