无法通过符号和井号的MVC [英] Cannot pass ampersand and hash sign in MVC

问题描述

我有这个code

@using (Ajax.BeginForm("LoadFilter", "Contact", new { filterType = (int)FilterContactBy.Name }, new AjaxOptions { OnBegin = "ShowProgrees", OnSuccess = "HideProgress" }))
{
      @Html.TextBoxFor(m => m.ContactFilter.FilterValue, new { placeholder = "Enter a name" })                                                                                                      
      <input type="submit" class="link submit green" value="Add Filter" />                            
 }

由于相当明显，在 ShowProgress 和 HideProgress 方法做什么，但显示和隐藏装载机GIF。

As quite obvious, the ShowProgress and HideProgress method do nothing but show and hide a loader gif.

在后台的方法是

 [HttpPost]
 public ActionResult LoadFilter(ContactListModel filter, int filterType=0, Boolean isAllFilterApply=true)
 {
     if (filter != null)
     {
         // process here
     }
 }

它工作正常，如果我输入任何内容，例如：

It works fine if I enter anything, for example

hi
test
me & you
contact #1
contact #1 and me

但
当我输入＆功放;在＃一起从任何错误发生。装载机GIF只是不断移动，并在控制器上的code是从来没有击中。

BUT
When I enter &# together in any from error occurs. The loader gif just keeps moving and the code on Controller is never hit.

此外，在Chrome浏览器的控制台，它显示了 500内部服务器错误（也是如此火狐！）。

Also, in Chrome console, it shows 500 Internal Server Error (and so does Firefox!).

我的解决方案
我试过逃跑和 ENO codeURIComponent ，但它并没有奏效。这是我试过的方法

My Solution
I tried escape and enocodeURIComponent but it didn't worked. Here's the method I tried

$.ajaxPrefilter(function(o, org, xhr) { 
  if (org.url.indexOf('/Contact/LoadFilter?filterType=') > -1) {
    // console.log(org.data[0].value);
    org.data[0].value = encodeURIComponent(org.data[0].value);
    // console.log(org.data[0].value);    
  }
});

输出（控制台）

The output (in console)

&#
%26%23 

在代替连接codeURIComponent 我用逃跑，输出是一样的。

When instead of encodeURIComponent I used escape, the output was same

&#
%26%23

但它仍然没有打在控制器的方法。任何人都可以请帮我得到一个解决方案，更重要的是，告诉我的为什么的是摆在首位发生这种情况？

But it still doesn't hit the method on controller. Can anyone please help me to get a solution, and more importantly, tell me why is this occurring in the first place?

PS
请不要问我，有什么用输入＆放大器;在接触过滤器＃，或删除这些并告诉客户这不是一个有效的输入。我不能做到这一点，所以请不要指点说。

ps
Please don't ask me that what is the use of inputting &# in a contact filter, or to remove these and tell client this is not a valid input. I can't do that, so please don't advice that.

更新
有没有人甚至读这充分？我不是问这个的我怎么能去code 的。 否。标记为重复或将其标记为关闭之前，请先阅读完整的问题。

Update
Is anyone even reading this fully? I am not asking that how can I decode. NO. Please read the full question before marking it as duplicate or marking it for close.

推荐答案

好了，我得到了这一点。

Okay, I got this.

我在code这样的创建的Application_BeginRequest 在的Global.asax ..

I created Application_BeginRequest in Global.asax in the code like this..

protected void Application_BeginRequest(Object sender, EventArgs e)
        {
            var httpApp = (HttpApplication)sender;
            Debug.Write(httpApp);
        }

我坐在 httpApp 的断点，然后在看窗口，检查 httpApp.Request ，发现它在那里。它说（东西我不记得现在）抛出异常的类型'System.Web.Htt prequestValidationException 。

I sat a breakpoint of httpApp and then in the watch window, checked for httpApp.Request and found that it was there. It said (something I don't remember right now) threw an exception of type 'System.Web.HttpRequestValidationException'.

所以，我得到的错误是因为这样，所以对方法 LoadFilter ，我刚添加的属性 ValidateInput（假），和它的工作

So, I got that the error was because of this, so on the method LoadFilter, I just added the attribute ValidateInput(false), and it's working

[HttpPost]
[ValidateInput(false)]
 public ActionResult LoadFilter(ContactListModel filter, int filterType=0, Boolean isAllFilterApply=true)
 {
   // process here
 }

虽然，我必须检查SQL注入在这里，因为我们正在建立从我们收到的输入动态查询。

Though, I do have to check for sql injection in here because we are building up a dynamic query from the input we receive.

这篇关于无法通过符号和井号的MVC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！