如何跳过MVC中的ValidateRequest验证

2022-08-30 19:42:40 浏览数 (1)

大家好,又见面了,我是你们的朋友全栈君。

MVC中客户端传值到服务器端时,如果客户端字符串含有“</>”字样时就会报“检测到有潜在危险”的错误。

如:从客户端(“test<br/>ttt”)中检测到有潜在危险的 Request.Form 值。

解决办法:在对应的ActionResult 前面加上[ValidateInput(false)]就可以解决,去除验证。

下面是一个富文本的页面源码示例:

<%@ Page Language=”C#” MasterPageFile=”~/Views/Shared/Site.Master” Inherits=”System.Web.Mvc.ViewPage<SNDA.SPM.Web.Models.NewsModel>” %>

<%@ Register Assembly=”FredCK.FCKeditorV2″ Namespace=”FredCK.FCKeditorV2″ TagPrefix=”FCKeditorV2″ %>

<asp:Content ID=”Content2″ ContentPlaceHolderID=”head” runat=”server”>

<h2>UPS后台管理</h2>

<script src=”../../Scripts/jqui/jquery-1.4.2.js” type=”text/javascript”></script>

<script src=”../../Scripts/fckeditor.js” type=”text/javascript”></script>

<script src=”../../Scripts/jquery.validate.js” type=”text/javascript”></script>

</asp:Content>

<asp:Content ID=”Content1″ ContentPlaceHolderID=”MainContent” runat=”server”>

<script type=”text/javascript” language=”javascript”>

$(document).ready(function() {

var oFCKeditor = new FCKeditor(‘Content’);

oFCKeditor.ToolbarSet = “Wiki”;

oFCKeditor.ReplaceTextarea();

$(document.forms.item(0)).validate({

errorClass: “error”,

rules:

{

Title: “required”,

Content: “required”

},

messages:

{

Title: “*请输入新闻标题“,

Content: “*请输入新闻正文“

}

});

});

</script>

<div title=”软件包名“ style=”margin:10px 10px;“>

<table width=”100%” border=”0″ id=”elButton1″>

<tr>

<td width=”10%”>软件包名</td>

<td align=”left” style=”font-size:20px;font-weight:bold;“><%= Model.name%></td>

</tr>

<tr title=”新闻标题“>

<td>新闻标题</td>

<td>

<input type=”text” name=”Title” />

</td>

</tr>

<tr><td colspan=”2″>正文</td></tr>

<tr title=”正文“>

<td colspan=”2″>

<textarea name=”Content” id=”Content” cols=”60″ rows=”6″></textarea>

</td>

</tr>

<tr title=”Buttons” style=”height:34px;“>

<td valign=”bottom” align=”right”><input type=”submit” style=”width:80px;height:25px;“ value=”发布“ /></td>

<td>

<%= Html.ActionLink(” “, “Index”, new { id = Model.sid })%>

</td>

</tr>

</table>

</div>

</asp:Content>

发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/144837.html原文链接:https://javaforall.cn

0 人点赞