属性ValidateInput(false)和allowattribute不会影响过滤器类

时间:2016-02-04 06:21:42

标签: c# asp.net-mvc asp.net-mvc-4

当我将用户名编辑为html标签或xml标签时,它将生成如下的异常:

potentially dangerous Request.Form

中的

filterContext.HttpContext.Request.Params["key"];

但是我有[ValidateInput(false)]为什么它没有在MyFilter课程中处理。

以下是我的代码:

FilterConfig.cs

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new MyFilter()); 

    }
}

MyFilter.cs

public class MyFilter: IAuthorizationFilter
{
    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        SessionDataManagement.BackupCurrent();
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        string requestID = filterContext.HttpContext.Request.Params["key"];
    }
}

MyController.cs

public class CompanyController : BaseController
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    [ValidateInput(false)]
    public ActionResult Edit(Class1 objCompany)
    {
        //Logic
    }
}

的Class1.cs

public class Class1
{ 
    [Required]
    [AllowHtml]
    [StringLength(200)]
    public string UserName { get; set; }

}

0 个答案:

没有答案