如何显示HTML元素,如在通过Html.ValidationSummary渲染错误链接() [英] How to display html elements like links in errors rendered via Html.ValidationSummary()
问题描述
我的一个错误信息呈现一个链接。然而, Html.ValidationSummary()连接codeS它,因此显示如下:
One of my error message renders a link. However, Html.ValidationSummary() encodes it and therefore it displays as follow:
用手机或电子邮件帐户您指定已经存在。
如果您忘记了密码,请< A
HREF =/帐号/复位>复位< / A>吧。
An account with the mobile or email you have specified already exists. If you have forgotten your password, please <a href="/account/Reset">Reset</a> it.
相反,它应该呈现:
用手机或电子邮件帐户您指定已经存在。
如果您忘记了密码,请重新设置。
An account with the mobile or email you have specified already exists. If you have forgotten your password, please Reset it.
的误差加入到ModelState中内部视图如下:
The error is added to the ModelState inside view as follows:
if (...)
{
ViewData.ModelState.AddModelError(string.Empty, string.Format("An account with the mobile or email you have specified already exists. If you have forgotten your password, please {0} it.", Html.ActionLink("Reset", "Reset")));
}
总之,我应该如何prevent Html.ValidationSummarry()来选择/全部编码错误的HTML。
In short, how should I prevent Html.ValidationSummarry() to selectively/entirely encoding html in errors.
推荐答案
目前的HTML辅助显示错误消息并不支持这一点。然而,你可以写不显示HTML逃脱它的错误消息您自己的HTML佣工,即,它们会像对待错误消息为原始的HTML。
The current HTML helpers for displaying error messages do not support this. However, you could write your own HTML helpers that display the error message without HTML escaping it, i.e. they would treat the error message as raw HTML.
作为一个起点,你可以使用从codePLEX的ASP.NET MVC源$ C $ c时,<$ C $专门的的ValidationSummary 方法C> ValidationExtensions 类:
As a starting point, you could use the ASP.NET MVC source code from Codeplex, specifically the ValidationSummary method of the ValidationExtensions class:
public static string ValidationSummary(this HtmlHelper htmlHelper, string message, IDictionary<string, object> htmlAttributes) {
// Nothing to do if there aren't any errors
if (htmlHelper.ViewData.ModelState.IsValid) {
return null;
}
string messageSpan;
if (!String.IsNullOrEmpty(message)) {
TagBuilder spanTag = new TagBuilder("span");
spanTag.MergeAttributes(htmlAttributes);
spanTag.MergeAttribute("class", HtmlHelper.ValidationSummaryCssClassName);
spanTag.SetInnerText(message);
messageSpan = spanTag.ToString(TagRenderMode.Normal) + Environment.NewLine;
}
else {
messageSpan = null;
}
StringBuilder htmlSummary = new StringBuilder();
TagBuilder unorderedList = new TagBuilder("ul");
unorderedList.MergeAttributes(htmlAttributes);
unorderedList.MergeAttribute("class", HtmlHelper.ValidationSummaryCssClassName);
foreach (ModelState modelState in htmlHelper.ViewData.ModelState.Values) {
foreach (ModelError modelError in modelState.Errors) {
string errorText = GetUserErrorMessageOrDefault(htmlHelper.ViewContext.HttpContext, modelError, null /* modelState */);
if (!String.IsNullOrEmpty(errorText)) {
TagBuilder listItem = new TagBuilder("li");
listItem.SetInnerText(errorText);
htmlSummary.AppendLine(listItem.ToString(TagRenderMode.Normal));
}
}
}
unorderedList.InnerHtml = htmlSummary.ToString();
return messageSpan + unorderedList.ToString(TagRenderMode.Normal);
}
您可以接着修改这个方法对待错误信息为原始的HTML。
You can then change this method to treat the error message as raw HTML.
两个警告,虽然:
-
您要更改的
的ModelState类的某些属性的含义。当你得逞,现在使用自己的HTML佣工,ASP.NET MVC的未来版本可能会引入变化不再使用这种方法的工作。
You're changing the meaning of certain properties of the
ModelStateclass. While you get away with using your own HTML helpers now, a future version of ASP.NET MVC might introduce changes that no longer work with this approach.
要非常小心,不要在未正确地转义,所以你不要暴露你的Web应用程序,以XSS攻击的错误消息。某些标准的验证注解可能无法工作下去,因为他们没有逃避HTML错误消息。
Be very careful about not using error messages that aren't properly escaped so you don't expose your web app to XSS attacks. Certain standard validation annotation might not work any longer since they don't HTML escape the error message.
这篇关于如何显示HTML元素,如在通过Html.ValidationSummary渲染错误链接()的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
