AllowHtml属性不适用于生产

时间:2013-10-16 21:56:56

标签: c#-4.0 asp.net-mvc-4 attributes

我有一个模型需要捕获html。我已将[AllowHtml]属性添加到model属性,并且在调试时它在我的本地服务器上正常工作。

一旦部署到生产中,它在生产服务器上执行时正常工作(即我远程登录到服务器并在那里浏览),但是当从任何其他服务器执行时,通常会出现“潜在危险的等等等等”消息机。

所以在我看来,与验证所涉及的位置有关,或者我完全错过了这条船。

为了确认,我没有对web.config进行任何“特殊”更改。

请有人解释我遇到此问题的原因。

模型

[AllowHtml]
[Display(Name = "Overview")]
public string Overview { get; set; }

控制器

//
// POST: /Product/
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditFeature(BackOffice.Models.ProductFeature model)
{
        if (ModelState.IsValid)
        {
            //insert the new product
        }
        //invalid model, return with errors
        return View(model);
 }

查看

@model BackOffice.Models.ProductFeature

@using (Html.BeginForm("AddFeature", "Product", null, FormMethod.Post, new { role = "form", @class = "form-horizontal" }))
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)
    @Html.Hidden("ProductID", @Model.ProductID)

    <div class="modal fade" id="FeatureModal" tabindex="-1" role="dialog" aria-labelledby="FeatureModalLabel" aria-hidden="true">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
                    <h4 class="modal-title">Add a Feature</h4>
                </div>
                <div class="modal-body">
                    <div class='form-group'>
                        <label class='col-lg-2 control-label'>Title</label>
                        <div class="col-lg-10">
                            @Html.TextBoxFor(m => m.Title, new { @class = "form-control" })
                            @Html.ValidationMessageFor(m => m.Title)
                        </div>

                    </div>
                    <div class='form-group'>
                        <label class='col-lg-2 control-label'>Overview</label>
                        <div class="col-lg-10">
                            @Html.TextAreaFor(m => m.Description, 10, 40, new { @class = "ckeditor", id = "overview" })
                        </div>

                    </div>
                </div>
                <div class='clearfix'></div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
                    <button type="submit" class="btn btn-primary">Add</button>
                </div>
            </div>
            <!-- /.modal-content -->
        </div>
        <!-- /.modal-dialog -->
    </div>
    <!-- /.modal -->
}

1 个答案:

答案 0 :(得分:0)

此处的方法名称存在不匹配。

@using (Html.BeginForm("AddFeature", "Product", null, FormMethod.Post, new { role = "form", @class = "form-horizontal" }))
{
}

但你的行动方法叫做

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult EditFeature(BackOffice.Models.ProductFeature model)
{
}

AddFeature 操作方法在哪里?