为什么我的操作方法允许使用JavaScript?
它允许通过alert('hello');,但我只想允许纯文本。
我正在使用System.Web.Http ApiController。
public class AppController : ApiBaseController
{
public AppController(IReadyToWorkProcessor processor) : base(processor) { }
[HttpPut]
public IHttpActionResult Put(Guid readyToWorkGuid, [FromBody] PersonalDetailsVW newPersonalDetails)
{
newPersonalDetails.ReadyToWorkGuid = readyToWorkGuid.ToString();
int? TeacherID = Processor.GetTeacherIdFromReadyToWorkGuid(readyToWorkGuid);
if (TeacherID != null)
{
Processor.PersonalDetailsService.ProcessPersonalDetails(newPersonalDetails, ModelState, (int)TeacherID);
ResponseMessage response = new ResponseMessage();
if (ModelState.IsValid)
{
response.Result = true;
response.Message = "Section Completed";
response.SectionComplete = true;
return Ok(response);
}
else
{
string errorList = UtilityHelpers.ModelStateErrors(ModelState);
response.Result = true;
response.SectionComplete = false;
response.Message = "Saved .... Section not completed yet, the following have not filled correctly: " + errorList;
return Ok(response);
}
}
return NotFound();
}
}