Decode HTML tags so they can be read when posted back to the server

Time: 2012-08-02 14:21:08

Tags: c# html asp.net-mvc-3 html-encode

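My engine is Aspx.

How can I decode/encode HTML tags in a text box? I have HTML tags
to make it more readable. I tried ValidationRequest and htmlDecode(freqQuestion.Answer), but no luck. I just keep getting the same message.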

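  Server Error in '/Administrator' Application.

  A potentially dangerous Request.Form value was detected from the client (QuestionAnswer="... ...Phone:
  123-456-7890

  Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: . After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133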

View Page

<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" validateRequest="false" Inherits="System.Web.Mvc.ViewPage<dynamic>" %>


<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
    EditFreqQuestionsUser
</asp:Content>

<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">

<script type="text/javascript">
    $(document).ready(function () {
        $("#freqQuestionsUserUpdateButton").click(function () {
            $("#updateFreqQuestionsUser").submit();
        });
    });
</script>
<h2>Edit Freq Questions User </h2>

<%Administrator.DarkstarAdminProductionServices.FreqQuestionsUser freqQuestionsUser = ViewBag.freqQuestionsUser != null ? ViewBag.freqQuestionsUser : new Administrator.DarkstarAdminProductionServices.FreqQuestionsUser(); %>
<%List<string> UserRoleList = Session["UserRoles"] != null ? (List<string>)Session["UserRoles"] : new List<string>(); %>
<form id="updateFreqQuestionsUser" action="<%=Url.Action("SaveFreqQuestionsUser","Prod")%>" method="post">
    <table> 
        <tr>
            <td colspan="3" class="tableHeader">Freq Questions User Details <input type ="hidden" value="<%=freqQuestionsUser.freqQuestionsUserId%>" name="freqQuestionsUserId"/> </td>
        </tr>
         <tr>
            <td colspan="2" class="label">Question Description:</td>
            <td class="content">
                <input type="text" maxlength="2000" name="QuestionDescription" value="<%=freqQuestionsUser.questionDescription%>" />
            </td>
        </tr>
         <tr>
            <td colspan="2" class="label">QuestionAnswer:</td>
            <td class="content">
                <input type="text" maxlength="2000" name="QuestionAnswer" value="<%=Server.HtmlDecode(freqQuestionsUser.questionAnswer)%>" />
            </td>
        </tr>
        <tr>
            <td colspan="3" class="tableFooter">
                    <br />
                    <a id="freqQuestionsUserUpdateButton" href="#" class="regularButton">Save</a>
                    <a href="javascript:history.back()" class="regularButton">Cancel</a>
            </td> 
        </tr>
    </table>
</form>
</asp:Content>

Controller

    [AuthorizeAttribute(AdminRoles = "EditFreqQuestionsUser")]
    public ActionResult SaveFreqQuestionsUser(string QuestionDescription, string QuestionAnswer)
    {
        Guid freqQuestionsUserId = Request.Form["freqQuestionsUserId"] != null ? new Guid(Request.Form["freqQuestionsUserId"]) : Guid.Empty;


        //load agreement eula ref
        AdminProductionServices.FreqQuestionsUser freqqQuestionsUser = Administrator.Models.AdminProduction.FreqQuestionsUser.LoadFreqQuestionsUser(freqQuestionsUserId, string.Empty, string.Empty)[0];

        freqqQuestionsUser.questionDescription = QuestionDescription;
        freqqQuestionsUser.questionAnswer = QuestionAnswer;

        //save it
        Administrator.Models.AdminProduction.FreqQuestionsUser.addFreqQuestionsUser(freqqQuestionsUser);

        return RedirectToAction("SearchFreqQuestionsUser", "Prod", new { FreqQuestionsUserId = freqQuestionsUserId });
    }

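1 Answer:

Answer 0 (score: 1)

The ValidateRequest directive doesn't work for MVC because, unlike WinForms, the .aspx file is not the entity that receives the request. The controller is. So you should disable validation on the controller. Just apply the [ValidateInput(false)] attribute to your action or to the whole controller, and the runtime will let your tags through.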
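
The following is an added example, not code from the original question or answer: the answer's `[ValidateInput(false)]` applied to the question's action, together with the explicit input handling that the error message recommends once request validation is off. `AnswerMarkup`, the `Guid?` parameter binding and the assumption that `<br>` is the only markup an answer may contain are illustrative; the `ProdController` name is inferred from the form's `Url.Action` call.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

// Added example. Assumption: <br> is the only markup an answer may contain.
public static class AnswerMarkup
{
    // An HTML-encoded, attribute-free line break: &lt;br&gt; or &lt;br /&gt;
    private static readonly Regex EncodedBreak =
        new Regex(@"&lt;br\s*/?&gt;", RegexOptions.IgnoreCase);

    // For pages that display the answer: encode everything, then restore
    // only the allowed tag. "<br onclick=...>" and "<script>" stay encoded.
    public static string ToDisplayHtml(string stored)
    {
        if (string.IsNullOrEmpty(stored)) return string.Empty;
        return EncodedBreak.Replace(HttpUtility.HtmlEncode(stored), "<br />");
    }
}

public class ProdController : Controller   // name inferred from Url.Action(..., "Prod")
{
    [AuthorizeAttribute(AdminRoles = "EditFreqQuestionsUser")]   // the question's own custom attribute
    [HttpPost]
    [ValidateInput(false)]   // request validation is off for this action only
    public ActionResult SaveFreqQuestionsUser(Guid? freqQuestionsUserId,
        string QuestionDescription, string QuestionAnswer)
    {
        Guid id = freqQuestionsUserId ?? Guid.Empty;
        // Model types and calls below are the ones shown in the question.
        var item = Administrator.Models.AdminProduction.FreqQuestionsUser
            .LoadFreqQuestionsUser(id, string.Empty, string.Empty)[0];

        // Store the text as typed; it is encoded at output time instead.
        item.questionDescription = QuestionDescription;
        item.questionAnswer = QuestionAnswer;
        Administrator.Models.AdminProduction.FreqQuestionsUser.addFreqQuestionsUser(item);

        return RedirectToAction("SearchFreqQuestionsUser", "Prod",
            new { FreqQuestionsUserId = id });
    }
}

// Edit view (.aspx): emit the stored text attribute-encoded, not decoded:
//   <input type="text" name="QuestionAnswer" value="<%: freqQuestionsUser.questionAnswer %>" />
// Display view: <%= AnswerMarkup.ToDisplayHtml(freqQuestionsUser.questionAnswer) %>
```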