当我把用户名改成 HTML 标签或 XML 标签时,下面这一行会抛出 "potentially dangerous Request.Form" 异常:
filterContext.HttpContext.Request.Params["key"];
但是我已经加了 [ValidateInput(false)],为什么在 MyFilter 类中没有被处理?
以下是我的代码:
FilterConfig.cs :
/// <summary>
/// Registers the application's global MVC filters.
/// </summary>
public class FilterConfig
{
    /// <summary>
    /// Adds a <c>MyFilter</c> instance to the global filter collection.
    /// </summary>
    /// <param name="filters">The global filter collection to add to.</param>
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // A globally registered filter applies to every controller action,
        // including actions that opt out of request validation for their own
        // model binding, so any request read inside MyFilter affects them all.
        var globalFilter = new MyFilter();
        filters.Add(globalFilter);
    }
}
MyFilter.cs :
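/// <summary>
/// Authorization filter that reads the "key" request value before the action runs.
/// </summary>
public class MyFilter : IAuthorizationFilter
{
    /// <summary>
    /// Calls <c>SessionDataManagement.BackupCurrent()</c>.
    /// </summary>
    /// <param name="filterContext">The executed-action context (not read here).</param>
    // NOTE(review): this class declares only IAuthorizationFilter. MVC dispatches
    // OnActionExecuted through IActionFilter, so as written this method is
    // presumably never invoked by the framework - confirm.
    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        SessionDataManagement.BackupCurrent();
    }

    /// <summary>
    /// Reads the "key" request value during the authorization stage.
    /// </summary>
    /// <param name="filterContext">The authorization context for the current request.</param>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Request.Params is a validated collection: reading it runs ASP.NET request
        // validation over the submitted values and throws HttpRequestValidationException
        // ("potentially dangerous Request.Form ...") when any field contains markup.
        // [ValidateInput(false)] on the action and [AllowHtml] on the model only change
        // how the model binder reads values; they do not cover a direct read here.
        //
        // Unvalidated returns the raw value without triggering that check.
        // NOTE(review): HttpRequestBase.Unvalidated requires System.Web 4.5 or later -
        // confirm the target framework (older projects use the Unvalidated() extension
        // method from System.Web.Helpers instead).
        //
        // The value is untrusted input that has not been filtered in any way: check it
        // against the expected format before using it, and encode it wherever it is
        // written to a response or a log.
        string requestID = filterContext.HttpContext.Request.Unvalidated["key"];
    }
}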
MyController.cs :
/// <summary>
/// Controller whose <c>Edit</c> action accepts a posted <c>Class1</c> model.
/// </summary>
public class CompanyController : BaseController
{
    /// <summary>
    /// POST-only action that receives the model-bound <c>Class1</c> instance.
    /// </summary>
    /// <param name="objCompany">The model bound from the posted form.</param>
    // ValidateAntiForgeryToken rejects posts that lack a valid anti-forgery token.
    // ValidateInput(false) turns request validation off for everything this action
    // model-binds, not only UserName. Class1.UserName already carries [AllowHtml],
    // which is the narrower, per-property opt-out.
    // NOTE(review): confirm the action-wide opt-out is still needed alongside it.
    // Either way, bound values may contain markup and must be encoded on output.
    [HttpPost, ValidateAntiForgeryToken, ValidateInput(false)]
    public ActionResult Edit(Class1 objCompany)
    {
        //Logic
    }
}
Class1.cs :
/// <summary>
/// Model bound by the <c>Edit</c> action; holds the submitted user name.
/// </summary>
public class Class1
{
    /// <summary>
    /// The user name: required, at most 200 characters.
    /// </summary>
    // AllowHtml exempts this one property from request validation during model
    // binding, so it can arrive containing HTML or XML markup. Treat it as raw
    // user input: keep it HTML-encoded when rendered (Razor's @ encodes by
    // default) and do not pass it through Html.Raw.
    [Required, AllowHtml, StringLength(200)]
    public string UserName { get; set; }
}