TinyMCE for WebPages Razor 2

时间:2014-06-24 03:04:31

标签: sql tinymce razor-2 asp.net-webpages

我在使用TinyMCE与ASP.NET Web Pages Razor 2时遇到了一些麻烦。我正在尝试使用TinyMCE更新SQL文章,但是,它给了我这个错误:

"There was found a potentially dangerous Request.Form value for the client (Content="<p>Lorem ipsum dolor...")."

Linje 22:var update =“UPDATE [Tutorials] SET Heading = @ 0,Content = @ 1,Type = @ 2 WHERE ID = @ 3”;

Linje 23:Heading = Request [“Heading”];
Linje 24:内容=请求[“内容”];
Linje 25:Type = Request [“Type”];
Linje 26:db.Execute(更新,标题,内容,类型,TutorialId); 

    @{

    Validation.RequireField("Heading", "Heading is required.");
    Validation.RequireField("Content", "Content is required.");
    Validation.RequireField("Type", "Type is required.");

    var Heading = "";
    var Content = "";
    var Type = "";

    var TutorialId = UrlData[0];
    if (TutorialId.IsEmpty()) {
        Response.Redirect("~/Members/Tutorials/List");
    }

    var db = Database.Open("MikZeRCoding2");

    string htmlEncoded = WebUtility.HtmlEncode(Content);

    if (IsPost && Validation.IsValid()) {
        var update = "UPDATE [Tutorials] SET Heading=@0, Content=@1, Type=@2 WHERE ID=@3";
        Heading = Request["Heading"];
        Content = Request["Content"];
        Type = Request["Type"];
        db.Execute(update, Heading, Content, Type, TutorialId);
        Response.Redirect("~/Members/Tutorials/List");
    }



    else {
        var select = "SELECT * FROM [Tutorials] WHERE ID=@0";

        var row = db.QuerySingle(select, TutorialId);
        Heading = row.Heading;
        Content = row.Content;
        Type = row.Type;
    }
  }

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>Edit Tutorial - Admin Area</title>
    </head>
    <body>

        <script type="text/javascript">
            tinymce.init({selector:'textarea'});
        </script>

        <form method="post" action="">
            <div class="content-container">
                <ul>
                    <li>
                        <h3>Title</h3>
                        <input type="text" name="Heading" value="@Heading" />
                    </li>
                    <li>
                        <h3>Content</h3>
                        <textarea name="Content" id="content-editor">@Content</textarea>
                    </li>
                    <li>
                        <h3>Type</h3>
                        <input type="text" name="Type" value="@Type" />
                    </li>
                    <li>
                        <input type="submit" value="Update" />
                        @Html.ValidationSummary()
                    </li>
                </ul>
            </div>
        </form>
    </body>
</html>

1 个答案:

答案 0 :(得分:1)

如果要允许发布HTML,则需要使用Request.Unvalidated

Content = Request.Unvalidated("Content");

在此处查看有关ASP.NET网页中的请求验证的更多信息:http://www.mikesdotnetting.com/Article/222/Request-Validation-In-ASP.NET-Web-Pages

相关问题
最新问题