我创建了一个基本控制器,每个控制器都继承。在这个控制器中我有OnActionExecuting方法。我用它来检查一些参数的url。我遇到的问题是每当我发布html数据时都会出现异常。我使用[AllowHTML]标签设置了模型,它适用于所有其他操作。
如何使OnActionExecuting方法注意模型验证?
这就是我在基本控制器中的内容
public abstract class BaseController : Controller
{
[ValidateInput(false)]
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if ((Request.Params["api"] == null || string.IsNullOrEmpty(Request.Params["api"])))
return;
if ((Request.Params["api"] != null && !string.IsNullOrEmpty(Request.Params["api"])))
{
if (Session["api"] == null)
{
Session["api"] = Request.Params["api"];
}
}
}
及以下是我的模型的摘录
[MetadataType(typeof (MessagingMetaData))]
public partial class Message
{
}
public class MessagingMetaData
{
[Required]
[Display(Name = "Message")]
[DataType(DataType.Html)]
[AllowHtml]
public string Body { get; set; }
}
这是堆栈跟踪
[System.Web.HttpRequestValidationException]
Exception Message: A potentially dangerous Request.Form value was detected from the client (Content="
sdafdsafdsafdsac__DisplayClass12.b__d(String value, String key) at Microsoft.Web.Infrastructure.DynamicValidationHelper.LazilyEvaluatedNameObjectEntry.ValidateObject() at Microsoft.Web.Infrastructure.DynamicValidationHelper.LazilyEvaluatedNameObjectEntry.GetValidatedObject() at Microsoft.Web.Infrastructure.DynamicValidationHelper.LazilyValidatingArrayList.get_Item(Int32 index) at System.Collections.Specialized.NameObjectCollectionBase.BaseGetKey(Int32 index) at System.Collections.Specialized.NameValueCollection.GetKey(Int32 index) at System.Collections.Specialized.NameValueCollection.Add(NameValueCollection c) at System.Web.HttpRequest.FillInParamsCollection() at System.Web.HttpRequest.GetParams() at System.Web.HttpRequest.get_Params() at System.Web.HttpRequestWrapper.get_Params() at ProjectX.BaseController.OnActionExecuting(ActionExecutingContext filterContext) at System.Web.Mvc.Controller.System.Web.Mvc.IActionFilter.OnActionExecuting(ActionExecutingContext filterContext) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<>c__DisplayClass17.b__14() at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) at System.Web.Mvc.Controller.ExecuteCore() at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.b__5() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.b__0() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.b__7(IAsyncResult _) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End() at System.Web.Mvc.Async.AsyncResultWrapper.End[TResult](IAsyncResult asyncResult, Object tag) at System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult, Object tag) at System.Web.Mvc.MvcHandler.<>c__DisplayClasse.b__d() at System.Web.Mvc.SecurityUtil.b__0(Action f) at System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
抱歉布局不会因某种原因复制新行
答案 0 :(得分:2)
我相信您应该能够使用Unvalidated()
扩展方法。例如,将Request.Params["api"]
更改为Request.Unvalidated().Params["api"]
。
答案 1 :(得分:1)
我知道这已经晚了4年,但我为未来的搜索者添加了这个答案。
您可以使用Request.Unvalidated [&#34; api&#34;]
public abstract class BaseController : Controller
{
[ValidateInput(false)]
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if ((Request.Unvalidated["api"] == null || string.IsNullOrEmpty(Request.Unvalidated["api"])))
return;
if ((Request.Unvalidated["api"] != null && !string.IsNullOrEmpty(Request.Unvalidated["api"])))
{
if (Session["api"] == null)
{
Session["api"] = Request.Unvalidated["api"];
}
}
}
}
答案 2 :(得分:0)
不确定这是否是问题的解决方案,但是可以解决这个问题。
通过将Request.Params更改为Request.QueryString,我猜测验不会被调用
public abstract class BaseController : Controller
{
[ValidateInput(false)]
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if ((Request.QueryString["api"] == null || string.IsNullOrEmpty(Request.QueryString["api"])))
return;
if ((Request.QueryString["api"] != null && !string.IsNullOrEmpty(Request.QueryString["api"])))
{
if (Session["api"] == null)
{
Session["api"] = Request.Params["api"];
}
}
}