我需要允许符号< >,但也可以阻止XSS攻击,因此我尝试使用HTML.Encode()方法:
@Html.TextAreaFor(model => Model.Text, 15, 5,
new { placeholder = ReviewResources.ReviewPlaceholder, data_val = "true",
data_val_regex=ReviewResources.IllegalSymbolsMessage,
data_val_regex_pattern="^[^<>]+$"}
改变:
@Html.TextAreaFor(model => @Html.Encode(Model.Text), 15, 5,
new { placeholder = ReviewResources.ReviewPlaceholder, data_val = "true"}
但我得到一个例外:
{"Templates can be used only with field access, property access,
single-dimension array index, or single-parameter custom indexer expressions."}
如何正确使用从<到<等等的编码?