“潜在危险的 Request.Form 值..” 当 ModelState.IsValid 为 false 时出错
在我们的 ASP.NET MVC 应用程序之一中,我们使用 FCKEditor 来允许用户输入富文本。 为了关闭控制器操作中的验证,我们设置了属性“
[ValidateInput(false)]
只要页面中没有业务验证错误,用户就可以保存和修改富文本”。
如果任何业务验证失败并且 ModelState.IsValid 设置为 false,则在呈现页面时会引发以下异常。 有人可以让我知道如何解决这个问题吗?
从客户端检测到潜在危险的 Request.Form 值(Programme_Overview=“
这里是代码
[ValidateInput(false)]
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Schedule(FormCollection formValues)
{
// some code
if (ModelState.IsValid)
{
//do something here...
}
else
{
return View(programDetails);
}
}
//// View code that render the fckeditor text area
<%= Html.TextArea("Programme_Overview", Model.Programme.Overview, new { row = 7 })%>
In one of our ASP.NET MVC application we are using FCKEditor to allow users to enter rich text. In order to turn off the validation in the controller actions we set the attribute
[ValidateInput(false)]
Users are able to save and modify the rich text as long as there are no business validation errors in the page.
If any of the business validations fail and the ModelState.IsValid is set to false, on rendering the page the following exception is raised. Can someone let me know how to solve this issue?
A potentially dangerous Request.Form value was detected from the client (Programme_Overview="
Here is the code
[ValidateInput(false)]
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Schedule(FormCollection formValues)
{
// some code
if (ModelState.IsValid)
{
//do something here...
}
else
{
return View(programDetails);
}
}
//// View code that render the fckeditor text area
<%= Html.TextArea("Programme_Overview", Model.Programme.Overview, new { row = 7 })%>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
刚刚出现这个问题,修复方法是更新 fck 配置文件
fckconfig.js
应该是
just had this crop up, fix was to update the fck config file
fckconfig.js
should be
只需将以下内容添加到您的操作中:
Just add the following to your action:
我猜这个项目是从 1.0 之前的 RTM 项目迁移而来的。
原始 ASP.NET 具有页面级“危险输入”验证,您可能会遇到这种情况。 我们通过更改 Views 文件夹中的 Web.config 文件在系统范围内关闭了它,但我不记得我们何时进行了更改。 如果您的项目早于此更改,则 Views 文件夹中的 Web.config 文件中不会有该设置。
因此,您可以创建一个新的 MVC 项目并查看 Web.config 文件以了解您可能想要复制哪些设置。 如果需要,您还可以逐页禁用此功能。
http://www.asp.net/learn/whitepapers/request-validation/< /a>
I'm guessing this project was migrated from a pre-1.0 RTM project.
Original ASP.NET has page-level "dangerous input" validation that you're tripping up. We have turned it off system-wide with a change to the Web.config file in the Views folder, but I don't remember exactly when we made that change. If your project pre-dates this change, then you won't have that setting in your Web.config file in the Views folder.
So you can make a new MVC project and look at the Web.config file to see what setting(s) you might want to copy over. You can also disable this on a page-by-page basis if you want.
http://www.asp.net/learn/whitepapers/request-validation/
您的 FCKEditor 的某些 HTML 输出可能会以某种方式提交。
您可以尝试关闭验证:
It is likely some HTML output from your FCKEditor gets somehow submitted.
You can try to switch the validation off: