出于安全考虑,我有一个工具在我的网站上提供了一堆乱码,但是我的系统出错的一件事就是控制器中的DataSourceRequest对象。代码示例:
[AcceptVerbs(HttpVerbs.Get)]
public async Task<ActionResult> _GetGoodData([DataSourceRequest] DataSourceRequest request)
{
List<GoodData> reqs = await GetGoodDataAsync();
return Json(reqs.ToDataSourceResult(request, ModelState), JsonRequestBehavior.AllowGet);
}
我会收到如下错误:
无效的属性或字段 - &#39; 19451827&#39;对于类型:GoodData Type = System.ArgumentException Source = Kendo.Mvc at Kendo.Mvc.Infrastructure.Implementation.Expressions.MemberAccessTokenExtensions.CreateMemberAccessExpression(IMemberAccessToken 令牌,表达式实例)at Kendo.Mvc.Infrastructure.Implementation.Expressions.ExpressionFactory.MakeMemberAccess(表达式 instance,String memberName)at Kendo.Mvc.Infrastructure.Implementation.Expressions.PropertyAccessExpressionBuilder.CreateMemberAccessExpression() 在 Kendo.Mvc.Infrastructure.Implementation.Expressions.MemberAccessExpressionBuilderBase.CreateLambdaExpression() 在 Kendo.Mvc.Infrastructure.Implementation.SortDescriptorCollectionExpressionBuilder.Sort() 在 Kendo.Mvc.Extensions.QueryableExtensions.CreateDataSourceResult [TModel的,TResult](IQueryable的 queryable,DataSourceRequest请求,ModelStateDictionary modelState, Func`2选择器)
现在我的问题是,有没有办法验证请求对象,看它的字段是否对它应用的对象有效?