0

我需要发送 html。我得到错误(这台机器翻译):

检测到从客户端收到的 Request.Form 的潜在危险值 (Description = "eqqdaqd asda

说明:验证请求的过程发现客户端输入值存在潜在危险,查询处理被中断。此值可能表示试图破坏应用程序的安全性,例如“跨站点脚本”攻击。要允许页面覆盖应用程序的默认扫描请求,请参阅 httpRuntime 配置属性以设置 requestValidationMode requestValidationMode = "2.0"。例子: 。设置此值后,您可以通过在 Page 指令或配置部分中设置 validateRequest = "false" 来禁用请求验证。但是,在这种情况下,敦促在应用程序中明确检查所有条目。有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=153133

 public ActionResult Create()
        {
            this.ValidateRequest = false;
            return View();
        }

        //
        // POST: /Admin/News/Create

        [HttpPost]
        public ActionResult Create(NewsView model)
        {
            this.ValidateRequest = false;
            try
            {
               //logic

                return RedirectToAction("Index");
            }
            catch
            {
                return View();
            }
        }

This controller is in the arena admin. I set in web.config 

<system.web>
    <httpRuntime requestValidationMode="2.0" />
4

2 回答 2

4

You could decorate your controller action with the ValidateInput attribute:

[HttpPost]
[ValidateInput(false)]
public ActionResult Create(NewsView model)
{
    ...
}

In your example you are setting the property inside the POST controller action but that's too late because validation is performed before invoking the action. Or if you want to disable validation only for a given property on your view model you could decorate it with the AllowHtml attribute:

[AllowHtml]
public string Description { get; set; }

Now you no longer need to decorate the controller action with the ValidateInput attribute.

于 2012-05-22T09:27:17.330 回答
0

You can try to use AllowHtmlAttribute Or if , you want to use ValidateRequest you should also set requestValidationMode = "2.0"

于 2012-05-22T09:22:18.770 回答