AllowHtml 属性不起作用
我有一个具有此属性的模型:
[AllowHtml]
[DisplayName("Widget for Table")]
[StringLength(1000, ErrorMessage = "Maximum chars 1000")]
[DataType(DataType.Html)]
public object TableWidget { get; set; }
这是控制器中的创建方法:
//
// GET: /Admin/Table/Create
public ActionResult Create(int id)
{
Season season = _seasonRepository.GetSeason(id);
var table = new Table
{
SeasonId = season.SeasonId
};
return View(table);
}
//
// POST: /Admin/Table/Create
[HttpPost]
public ActionResult Create(Table a)
{
if (ModelState.IsValid)
{
_tableRepository.Add(a);
_tableRepository.Save();
return RedirectToAction("Details", "Season", new { id = a.SeasonId });
}
return View();
}
最后这是我的观点:
@model Stridh.Data.Models.Table
@using (Html.BeginForm())
{
@Html.ValidationSummary(true)
<fieldset>
<legend>Fields</legend>
<div class="editor-label">
@Html.LabelFor(model => model.Name)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.Name) @Html.ValidationMessageFor(model => model.Name)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.TableURL)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.TableURL) @Html.ValidationMessageFor(model => model.TableURL)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.SortOrder)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.SortOrder) @Html.ValidationMessageFor(model => model.SortOrder)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.TableWidget)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.TableWidget) @Html.ValidationMessageFor(model => model.TableWidget)
</div>
<div class="editor-label invisible">
@Html.LabelFor(model => model.SeasonId)
</div>
<div class="editor-field invisible">
@Html.EditorFor(model => model.SeasonId)
</div>
<p>
<input type="submit" value="Create" />
</p>
</fieldset>
}
当我添加没有 html 的“正常”消息时,一切都保存正常,但在保存时显示 A潜在危险的 Request.Form ...
另一个奇怪的事情是我让这个 [AllowHtml] 在另一个模型类中工作。我找不到为什么这给我带来麻烦。需要你的帮助。 :-)
I have a model with this property:
[AllowHtml]
[DisplayName("Widget for Table")]
[StringLength(1000, ErrorMessage = "Maximum chars 1000")]
[DataType(DataType.Html)]
public object TableWidget { get; set; }
And here is the create methods in controller:
//
// GET: /Admin/Table/Create
public ActionResult Create(int id)
{
Season season = _seasonRepository.GetSeason(id);
var table = new Table
{
SeasonId = season.SeasonId
};
return View(table);
}
//
// POST: /Admin/Table/Create
[HttpPost]
public ActionResult Create(Table a)
{
if (ModelState.IsValid)
{
_tableRepository.Add(a);
_tableRepository.Save();
return RedirectToAction("Details", "Season", new { id = a.SeasonId });
}
return View();
}
And last here is my view:
@model Stridh.Data.Models.Table
@using (Html.BeginForm())
{
@Html.ValidationSummary(true)
<fieldset>
<legend>Fields</legend>
<div class="editor-label">
@Html.LabelFor(model => model.Name)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.Name) @Html.ValidationMessageFor(model => model.Name)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.TableURL)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.TableURL) @Html.ValidationMessageFor(model => model.TableURL)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.SortOrder)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.SortOrder) @Html.ValidationMessageFor(model => model.SortOrder)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.TableWidget)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.TableWidget) @Html.ValidationMessageFor(model => model.TableWidget)
</div>
<div class="editor-label invisible">
@Html.LabelFor(model => model.SeasonId)
</div>
<div class="editor-field invisible">
@Html.EditorFor(model => model.SeasonId)
</div>
<p>
<input type="submit" value="Create" />
</p>
</fieldset>
}
When I add a "normal" message without html everything is saved OK, but when saving it says A potentially dangerous Request.Form...
Another strange thing is that I got this [AllowHtml] to work in another model class. I cant find why this is causing me troubble. Need your help. :-)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您使用
AllowHtml的方式应该有效。确保您没有在代码中的其他任何位置(控制器、过滤器等)访问HttpRequest.Form集合,因为这将触发 ASP.NET 请求验证和您看到的错误。如果您确实想访问该变量,那么您应该通过以下代码访问它。The way you are using
AllowHtmlshould work. Make sure that you are not accessing theHttpRequest.Formcollection anywhere else in your code (controller, filter, etc) as this will trigger ASP.NET Request Validation and the error you are seeing. If you do want access to that variable then you should access it via the following code.我遇到了同样的问题,并在
如果您使用的是 .net 4.0,请确保将其添加到 web.config 的
I get the same problem and i solve it with the help of this post.
If you are on .net 4.0 make sure you add this in your web.config
Inside the
<system.web>tags我也有同样的问题。我的模型类名为“GeneralContent”并具有属性“Content”。在我的操作方法中,我使用了这样的属性:
public ActionResult Update(GeneralContent content)
当我将 content 参数重命名为 cnt 时,一切正常。我认为当模型类的某些属性与操作方法中的参数同名时,MVC 会感到困惑。
I had the same problem. My model class is named "GeneralContent" and has the property "Content". In my action method i used attribute like this:
public ActionResult Update(GeneralContent content)
when i renamed content argument to cnt, everything works well. I think MVC is confused when some attribude of model class has the same name as the argument in action method.
我也有这个问题。我无法获得标有
[AllowHtml]的模型属性来实际允许 HTML,而是遇到了您所描述的相同错误。我的解决方案最终是使用[ValidateInput(false)]属性标记接受发布模型的控制器操作。I also had this issue. I could not get a model property marked with
[AllowHtml]to actually allow HTML, and instead encountered the same error you describe. My solution ended up being to mark the Controller action that accepts the posted model with the[ValidateInput(false)]attribute.@marcind 的答案让我走上了正轨,但我的问题是我将 FormCollection 传递到 Controller 方法中,因此更改此...
对此...
解决了问题。
随后,我能够使用这样的代码毫无问题地访问表单集合。
因此,导致问题的是传递表单集合参数,而不仅仅是访问表单集合。
The answer that @marcind put me on the right track but my issue was that I was passing the FormCollection into the Controller method, so changing this...
To this...
Solved the problem.
Subsequently, I was able to access the heck out of the form collection with code like this without issue.
So, it was the passing the form collection parameter that caused the problem, not merely accessing the form collection.