客户端验证防止通过 JavaScript eval() 手动回发

发布于 2024-08-24 02:06:58 字数 2697 浏览 4 评论 0原文

我在使用 GetPostBackEventReference 时遇到一些回发问题。这是场景：

我有一个 javascript 模式弹出对话框，并在此模式对话框中有一个用于选择内容的按钮（这不是 asp:button 控件

）单击此 javascript 对话框 HTML 按钮，它将通过 javascript: eval() 方法调用 MS AJAX Web 服务。这个 MS AJAX Web 服务调用是动态生成的。所以代码是这样的：

var serviceCall = svcCall + "(" + parameters + ")";   //dynamically generate the MS AJAX web service call here
eval(serviceCall);    

                                              //use eval to trigger the MS AJAX web service call

众所周知，在完成 MS AJAX Web 服务之后，您可以定义一个回调函数来处理完成：

function OnComplete(result, userContext, methodName) {

    //force to call postback manually
    eval($(userContext[0]).val());

    //close the javascript dialog here
}

正如我之前提到的，MS AJAX Web 服务调用是动态构建的，当MS AJAX Web 服务调用构建时，它将传递包含回发值的 userContext（即“__doPostBack('ctl00$ContentPlaceHolder1$btnSelectUser','')”，因此当 javascript < strong>eval() 被调用，它模拟一个 asp:button 点击回发。

userContext[0] 基本上保存一个 asp:hidden 字段的 ClientID，并且隐藏字段的值在 Page_Load 事件期间设置：

protected void Page_Load(object sender, EventArgs e)
{
        btnSelectUser.ValidationGroup = "popupSelect";
        btnSelectUser.CausesValidation = false;
        this.hdnBtnPostback.Value = Page.ClientScript.GetPostBackEventReference(btnSelectUser, string.Empty, false);
}

正如你可以的看，这就是我如何使用 GetPostBackEventReference 将 asp:button （即 btnSelectUser）的 Click 事件绑定到 asp:hiddenfield ，并将 registerForEventValidation 参数设置为 false。我还尝试使用不同的 ValidationGroup 并将 CausesValidation 设置为 false，但没有希望。 :(

总之，我将 asp:button 的 Click PostBackEventReference（即 __doPostback(....)) 绑定到 asp:hidden 字段的 Value 属性，并使用 javascript eval() 来评估此隐藏字段的值值以手动触发回发。

ps btnSelectUser 是一个 asp:button 控件，用于调出 javascript 模式对话框。

好的，这是问题：

在同一页面中，有一些 asp:validator，例如和，因为，当页面遇到错误时，此验证器和标注将显示给用户，例如，当用户没有填写任何内容并提交表单时，ValidatorCalloutExtender 将显示一个气球并告诉用户其中之一。 ballon/validatorCalloutExtender 此时出现在屏幕顶部，

然后单击 btnSelectUser (asp:button) 以显示 javascript 模式对话框，在对话框中添加一些用户，然后单击其中的 SELECT 按钮。在这个模式对话框中，如上所述，会触发 MS AJAX Web 服务，一旦该 Web 服务完成，它就会 eval() asp:hidden 字段的值（即 __doPostback(...)）……并执行手动回发。

但是，由于 validatorCalloutExtender ballon 已显示，因此它无法以这种方式触发回发，但是当我关闭 ballon/validatorCalloutExtender 时，使用 eval() 的手动回发工作正常。更奇怪的是，当显示气球时，我第一次单击此模式对话框内的 SELECT 按钮时，它不会触发回发，但是，如果我再次执行相同的操作（即打开 javascript 对话框，并且选择一些用户，然后再次单击“选择”按钮）。它能够进行手动回发......而且我不明白为什么第一次不起作用。

这真的让我发疯，希望这里的任何人都能提供帮助，我将非常感激。非常感谢大家。：）

祝你今天过得愉快。希望尽快收到大家的来信。

原文

I encouter some postback issue when using GetPostBackEventReference. Here is the Scenario:

I have a javascript modal popup dialog and got a button in this modal dialog which used to select things (this is NOT an asp:button control)

When this javascript dialog HTML button is clicked, it will call the MS AJAX web service call by the javascript: eval() method. And this MS AJAX web service call is dynamically generated. So the code is like this:

var serviceCall = svcCall + "(" + parameters + ")";   //dynamically generate the MS AJAX web service call here
eval(serviceCall);    

                                              //use eval to trigger the MS AJAX web service call

As you may all know, after complete the MS AJAX web service, you can define a callback function to handle the completion:

function OnComplete(result, userContext, methodName) {

    //force to call postback manually
    eval($(userContext[0]).val());

    //close the javascript dialog here
}

As I have mentioned before, the MS AJAX web service call is built dynamically, and when the MS AJAX web service call is construct, it will be passing a userContext which contain the postback value (i.e. "__doPostBack('ctl00$ContentPlaceHolder1$btnSelectUser','')", so when the javascript eval() is called, it simulate a asp:button click postback.

The userContext[0] basically holding a asp:hidden field's ClientID, and the hidden field's value is set during the Page_Load event:

protected void Page_Load(object sender, EventArgs e)
{
        btnSelectUser.ValidationGroup = "popupSelect";
        btnSelectUser.CausesValidation = false;
        this.hdnBtnPostback.Value = Page.ClientScript.GetPostBackEventReference(btnSelectUser, string.Empty, false);
}

As you can see, this is how I bound the asp:button (i.e. btnSelectUser) 's Click Event to the asp:hiddenfield using the GetPostBackEventReference, and set the registerForEventValidation argument to false. I have also tried to use different ValidationGroup and set the CausesValidation to false, but no hope. :(

In summarize, I bound the asp:button's Click PostBackEventReference(i.e. __doPostback(....)) to the asp:hidden field's Value attribute, and using javascript eval() to eval this hidden field's value in order to manually trigger postback.

p.s. the btnSelectUser is an asp:button control and used to call out the javascript modal dialog.

Ok, here is the Problem:

In the same page, there is some asp:validator, e.g. and , and of coz, when the page run into error, this validator and callout will display to the user. e.g. When the user didn't fill in anything and submit the form, the ValidatorCalloutExtender will display a ballon and tell the user. Imagine one of this ballon/validatorCalloutExtender come out and on top of your screen at the moment.

Then you click the btnSelectUser (asp:button) to show the javascript modal dialog, and in the dialog, you Add some users, and once you hit the SELECT button inside this modal dialog, a MS AJAX web service is trigger as mentioned above, and once this web service is complete, it eval() the asp:hidden field's value (i.e. __doPostback(...))......and do the postback manually.

However, because of the validatorCalloutExtender ballon has display, it somehow cannot trigger the postback in this way, but when I close the ballon/validatorCalloutExtender, the manual postback using eval() is just working fine. Even more strange is that, when the ballon is displayed, the first time I click the SELECT button inside this modal dialog it doesn't fire the postback, however, if I do the same thing again (i.e. open up the javascript dialog, and choose some users, then click the SELECT button again). It able to do the manual postback....and I don't understand why the first time doesn't work.

This has really drive me crazy, hope anyone here can help, would be really appreciate. Thank you so much folks. :)

Have a nice day. Looking to heard from you all shortly.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

舂唻埖巳落 2024-08-31 02:06:58

当您调用 __doPostBack(eventTarget, eventArgument) 时，会触发表单提交：

如果 WebForm_OnSubmit(); 返回 true，则此帖子将继续进行。

后者又取决于

WebForm_OnSubmit 结果取决于 ValidatorOnSubmit 结果，如果 Page_ValidationActive == true，

ValidatorCommonOnSubmit 结果。现在，如果您仍然同意我的观点，如下面的函数所示：

function ValidatorCommonOnSubmit() {
    Page_InvalidControlToBeFocused = null;
    var result = !Page_BlockSubmit;
    if ((typeof(window.event) != "undefined") && (window.event != null)) {
        window.event.returnValue = result;
    }
    Page_BlockSubmit = false;
    return result;
}

ValidatorCommonOnSubmit 的结果取决于 Page_BlockSubmit，因此唯一阻止您的回发的是 Page_BlockSubmit = = true，它与验证标注无关。

我无法模拟您的情况，但如果您可以发布完整的代码示例，它将帮助我找到问题。

When you call __doPostBack(eventTarget, eventArgument) a form submission is triggered:

This from post will proceed if WebForm_OnSubmit(); return true.

WebForm_OnSubmit result depends on ValidatorOnSubmit result, which in turn depends on

ValidatorCommonOnSubmit result if Page_ValidationActive == true.

Now if you are still with me, as in the function below:

function ValidatorCommonOnSubmit() {
    Page_InvalidControlToBeFocused = null;
    var result = !Page_BlockSubmit;
    if ((typeof(window.event) != "undefined") && (window.event != null)) {
        window.event.returnValue = result;
    }
    Page_BlockSubmit = false;
    return result;
}

The result of ValidatorCommonOnSubmit depends on Page_BlockSubmit, so the only thing to block your postback is Page_BlockSubmit == true, it has nothing to do with validation callouts.

I was unable to simulate your case, but if you could post a full code sample it will help me track down the issue.

回复收藏 0 原文

~没有更多了~