Error message "A potentially dangerous Request.Form value"

Time: 2015-12-08 11:47:33

Tags: c# asp.net asp.net-mvc asp.net-mvc-5

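I added the TinyMCE editor so the description can be entered as HTML, but when I write the content in HTML and click Add Product, it gives me this error:

    A potentially dangerous Request.Form value was detected from the client (Description="

I tried:

  1. AllowHtml <= not working

  2. [HttpPost, ValidateInput(true, Exclude = "Description")] and got this error:

     'System.Web.Mvc.ValidateInputAttribute' does not contain a definition for Exclude

  3. In web.config, <httpRuntime requestValidationMode="2.0"> and got this error:

     HTTP Error 500.19 - Internal Server Error. The requested page cannot be accessed because the related configuration data for the page is invalid.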

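Product.cs

      using System.ComponentModel.DataAnnotations;
      using System.Web.Mvc;

      public partial class Product {

           public int productID {get; set;}

           [Required]
           public string Name {get; set;}

           // Exempts this property from request validation during model binding.
           [AllowHtml]
           public string Description {get; set;}

           public string ImagePath {get; set;}
      }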
      

Add Product view

      @using (Html.BeginForm("AddProduct", "Store", FormMethod.Post, new { enctype = "multipart/form-data",   @class = "form-horizontal", role = "form" }))
      {
      @Html.AntiForgeryToken()
      <h4>Create a new product.</h4>
      <hr />
      @Html.ValidationSummary(true)
      @ViewBag.SizeMsg
      <div class="form-group">
          @Html.LabelFor(m => m.Name, new { @class = "col-md-2 control-label"})
          <div class="col-md-10">
              @Html.TextBoxFor(m => m.Name, new { @class = "form-control" })
              @Html.ValidationMessageFor(m=>m.Name)
          </div>
      </div>
      <div class="form-group">
          @Html.LabelFor(m => m.Description, new { @class = "col-md-2 control-label" })
          <div class="col-md-10">
              @Html.TextAreaFor(m => m.Description, new { @class = "form-control" })
          </div>
      </div>
      <div class="form-group">
          @Html.LabelFor(m => m.ImagePath, new { @class = "col-md-2 control-label" })
          <div class="col-md-10">
              <input type="file" name="file" id="file" style="width: 100%;" />
          </div>
      </div>
      <div class="form-group">
          <div class="col-md-offset-2 col-md-10">
              <input type="submit" class="btn btn-default" value="Add Product" />
          </div>
      </div>
      }
      

Controller

      [HttpPost]
      public ActionResult AddProduct(HttpPostedFileBase file)
      {
         if (file != null)
         {
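            var allowedExtensions = new[] { ".jpg", ".png", ".jpeg", ".gif", ".JPG", ".PNG", ".JPEG" };
            // Extension of the uploaded file name, checked against the list above.
            var extension = System.IO.Path.GetExtension(file.FileName);
            if (allowedExtensions.Contains(extension))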
            {
              string ImagePath = System.IO.Path.GetFileName(file.FileName);
              string physicalPath = Server.MapPath("~/ProductImages/" + ImagePath);
              file.SaveAs(physicalPath);
      
              Product newRecord = new Product();
              newRecord.Name = Request.Form["Name"];
              newRecord.Description = Request.Form["Description"];
              newRecord.ImagePath = ImagePath;
              db.Products.Add(newRecord);
              db.SaveChanges();
              return RedirectToAction("Index", "Home");
            }
            else
            {
              ViewBag.SizeMsg = "File not supported.";
              return View();
             }
         }
         return View();
       }
      

2 answers:

Answer 0 (score: 3)

Add this to your config

    <httpRuntime requestValidationMode="2.0"/>

    <configuration>
        <system.web>
            <pages validateRequest="false" />
        </system.web>
    </configuration>

Also add

    [HttpPost, ValidateInput(false)]
    public ActionResult Operation(string Parameter) {
        ...
    }

Answer 1 (score: 2)

I ran into a similar problem; this is the configuration I am running:

    <system.web>
        <httpRuntime requestValidationMode="2.0" />
        <pages validateRequest="false" />
    </system.web>
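
Added example, not part of the question or either answer: the settings above turn request validation off for every page or for a whole action. This sketch keeps validation enabled and exempts only Description by binding the form to the question's Product model, so that its [AllowHtml] attribute is honoured. It assumes ASP.NET MVC 5 on .NET 4.5, Name declared as string, and a hypothetical Entity Framework context named StoreContext.

```csharp
// Added example; StoreContext is a hypothetical EF context standing in for the
// question's "db". Product is the model class shown in the question.
using System;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class StoreController : Controller
{
    private static readonly string[] AllowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };
    private readonly StoreContext db = new StoreContext(); // hypothetical context

    [HttpPost]
    [ValidateAntiForgeryToken] // pairs with @Html.AntiForgeryToken() in the view
    public ActionResult AddProduct(
        [Bind(Include = "Name,Description")] Product model, // block over-posting
        HttpPostedFileBase file)
    {
        // The model binder reads Description without request validation because
        // of [AllowHtml]; Name and all other inputs are still validated.
        // Reading Request.Form["Description"] directly skips the binder, so the
        // attribute never applies and the exception is thrown again.
        if (file == null || !ModelState.IsValid)
        {
            return View(model);
        }

        string extension = Path.GetExtension(file.FileName);
        if (!AllowedExtensions.Contains(extension, StringComparer.OrdinalIgnoreCase))
        {
            ViewBag.SizeMsg = "File not supported.";
            return View(model);
        }

        // Keep only the file name so a client-supplied path cannot leave the folder.
        string imagePath = Path.GetFileName(file.FileName);
        file.SaveAs(Server.MapPath("~/ProductImages/" + imagePath));

        // model.Description is raw editor HTML here: pass it through an allow-list
        // HTML sanitizer before saving it or before rendering it with Html.Raw.
        model.ImagePath = imagePath;
        db.Products.Add(model);
        db.SaveChanges();
        return RedirectToAction("Index", "Home");
    }
}
```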