如何允许HTML格式的用户输入 [英] How to allow HTML formatted user input
问题描述
我需要在asp.net应用程序中接受HTML格式的用户输入.输入的示例:
<p style="font-family: arial, sans-serif; font-weight: normal; font-size: 10pt; text-align: center"></p>
我正在使用 tinymce [潜在危险的输入 [属性添加到Page指令来在页面级别进行验证.然后HMTL对所有输入进行编码.
但是,即使我已将属性添加到page指令中,该页面仍会引发HttpRequestValidationException
异常.我检查了我的web.config,那里没有任何东西.
有什么我想念的吗?我还能如何关闭页面验证,以便接受HTML格式的用户输入?
p.s.我的一个想法是在页面发布之前使用javascript编码输入,但是,如果可能的话,我宁愿处理后面的代码.
I need to accept HTML formatted user input in my asp.net application. An example of the input:
<p style="font-family: arial, sans-serif; font-weight: normal; font-size: 10pt; text-align: center"></p>
I am using tinymce[^] to format the controls. Before I send the text to the client, the text is HTML encoded and it shows in the control ok.
Now I want to receive the change from the user. ASP.NET blocks potentially dangerous inputs[^] such as HTML tags for security reasons. If someone tries to post such input then the page throws an exception such as.
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client
The work around is to turn validation at the page level by adding ValidateRequest="false"
attribute to the Page directive. Then HMTL encode all inputs.
But, even though I have added the attribute to the page directive, the page still raises HttpRequestValidationException
exception. I checked my web.config and I don''t have anything there.
Is there something I missed? How else can I turn off page validation so I can accept HTML formatted user input?
p.s. One thought I have is to encode the input using javascript before the page is posted, but I would rather handle in the code behind, if possible.
推荐答案
尝试一下:
try this:
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes [ ^ ]
限制到页面级别,而不是整个应用程序.
http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes[^]
limiting to a page level and not application wide.
<location path="whatever">
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
</location>
这篇关于如何允许HTML格式的用户输入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!