我在我的 MVC3 应用程序中看到了一个奇怪的行为。我有一个由 Ajax 调用的动作,并收到一个带有 HTML 文本的帖子。我想允许 HTML 的输入,所以我设置了 ValidateInput(false) 属性。我还有一个带有此参数的全局 OutputCache 过滤器: (NoStore = true, Duration = 0, VaryByParam = "*" )
代码如下所示:
[HttpPost]
[ValidateInput(false)]
[OutputCache(NoStore = true, Duration = 0, VaryByParam = "*" )]
public ActionResult Edit(SomeModel someModel)
{
saveModel(someModel);
return new AjaxEditSuccessResult();
}
当我向该方法发送帖子时,它会被执行并保存模型,但我得到的响应是标准的“从客户端检测到潜在危险的 Request.Form 值”错误消息,带有以下堆栈跟踪:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (text="<p class="MsoNormal"...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +9665149
System.Web.<>c__DisplayClass5.<ValidateHttpValueCollection>b__3(String key, String value) +18
System.Web.HttpValueCollection.EnsureKeyValidated(String key) +9664565
System.Web.HttpValueCollection.Get(String name) +17
System.Web.Caching.OutputCacheModule.CreateOutputCachedItemKey(String path, HttpVerb verb, HttpContext context, CachedVary cachedVary) +676
System.Web.Caching.OutputCacheModule.CreateOutputCachedItemKey(HttpContext context, CachedVary cachedVary) +55
System.Web.Caching.OutputCacheModule.OnLeave(Object source, EventArgs eventArgs) +9716788
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
你知道我是否可以以任何方式向 OutputCache 属性表明它需要尊重 ValidateInput 属性吗?