在使用标签保存文本时发生错误 [英] Giving error while saving the text with tag
问题描述
我正在尝试将价值< test> 输入到地址字段中,但保存下来错误,怎么解决?
从客户端检测到潜在的危险Request.Form值(Address =< test> ) 。
修改
请检查以下代码
命名空间CEntities
{
[MetadataType(typeof(EmployeeMetaData))]
public partial class Employee
{
}
///< summary>
///持有Employee类的验证
///< / summary>
public class EmployeeMetaData
{
[Key]
public int Id {get;组; }
[必需]
[StringLength(50,ErrorMessage =名字可以接受最多50个字符。)]
public string FirstName {get;组; }
[StringLength(50,ErrorMessage =姓氏可以接受最多50个字符。)]
public string LastName {get;组; }
[StringLength(1000,ErrorMessage =地址可以接受最多1000个字符。)]
public string Address {get;组;
}
}
@YograjGupta给了你一个很好的答案,我不知道为什么 [AllowHtml] 不工作。另外一个选择是在控制器中,你是否将 EmployeeMetaData 保存到数据库中,可以添加 db.Configuration.ValidateOnSaveEnabled = false; ,然后保存更改。您还必须删除 if(ModelState.IsValid)部分。
另一个选项是替换< 和> 与 employeeMetaData.Address.Replace(<, & lt;))替换(>,& gt)
请记住,如果您使用 [AllowHtml] 属性,它使您更容易受到黑客攻击,因此您可能希望在最终版本之前删除它。或者您可以添加 Microsoft.Security.Application ,并执行类似 Sanitizer.GetSafeHtmlFragment(address)以删除不安全的html。
修改
您的控制器应该如下所示:
public ActionResult Create(Employee employee)
{
employee.Address = employee.Address.Replace(< ,&)。Replace(>,& gt);
if(ModelState.IsValid)
{
db.Employees.Add(employee);
db.SaveChanges();
return RedirectToAction(Index);
}
}
或者你可以试试这个:
public ActionResult Create(Employee employee)
{
db.Configuration.ValidateOnSaveEnabled = false;
db.Employees.Add(employee);
db.SaveChanges();
return RedirectToAction(Index);
}
db 是你的数据库和 Employee 是数据库中的Employee表。
I am developing MVC application using EF 4.0.
I am trying to put value , <test> to the address field but while saving its gives an below error , how to solve it ?
A potentially dangerous Request.Form value was detected from the client (Address="<test>").
Edit
Please check below code
namespace CEntities
{
[MetadataType(typeof(EmployeeMetaData))]
public partial class Employee
{
}
/// <summary>
/// Holds the validations for Employee class
/// </summary>
public class EmployeeMetaData
{
[Key]
public int Id { get; set; }
[Required]
[StringLength(50, ErrorMessage = "First name can accept maximum 50 characters.")]
public string FirstName { get; set; }
[StringLength(50, ErrorMessage = "Last name can accept maximum 50 characters.")]
public string LastName { get; set; }
[StringLength(1000, ErrorMessage = "Address can accept maximum 1000 characters.")]
public string Address { get; set; }
}
}
@YograjGupta gave you a good answer, I'm not sure why [AllowHtml] is not working. Another option is in the controller, were you save the EmployeeMetaData to the database, you can add db.Configuration.ValidateOnSaveEnabled = false;, before you save changes. You will also have to remove the if(ModelState.IsValid) part.
Another option would be to replace the < and > with employeeMetaData.Address.Replace("<", "<").Replace(">", ">")
Keep in mind that if you use the [AllowHtml] attribute, it makes you more vulnerable to hacking, so you may want to remove it before your final release. Or you can add Microsoft.Security.Application and do something like Sanitizer.GetSafeHtmlFragment(address) to remove unsafe html.
Edit
Your controller should look something like this:
public ActionResult Create(Employee employee)
{
employee.Address = employee.Address.Replace("<", "<").Replace(">", ">");
if(ModelState.IsValid)
{
db.Employees.Add(employee);
db.SaveChanges();
return RedirectToAction("Index");
}
}
Or you could try this:
public ActionResult Create(Employee employee)
{
db.Configuration.ValidateOnSaveEnabled = false;
db.Employees.Add(employee);
db.SaveChanges();
return RedirectToAction("Index");
}
db is your database and Employee is the Employee table in your database.
这篇关于在使用标签保存文本时发生错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
