将HTML通过AJAX调用传递给C＃MVC控制器。 500错误 [英] Passing HTML over AJAX call to C# MVC Controller. 500 Error

问题描述

所以我对这一点感到有点难过。我有多个页面使用各种数据对后端的C＃控制器进行了大量成功的Ajax调用，但现在我正在尝试构建一个简单的小内容管理功能，因此在数据库中更新HTML来自JS编辑器的新HTML。

So I'm getting a bit stumped by this one. I've got multiple pages making lots of successful Ajax calls to my C# controllers on the back end with a variety of data, but now I'm trying to build a simple little content management functionality, and hence update the HTML in a database with new HTML from a JS editor.

长话短说，我已经取出了所有繁重的数据库代码，并将其缩小到我的控制器不会接受任何带有html标签的东西，或者我的ajax代码在发送它时遇到问题。

Long story short, I've taken out all the heavy Database code and narrowed it down to the fact that either my controller won't accept anything with html tags, or my ajax code is having trouble sending it.

Ajax函数是：

$.ajax({
            type: "POST",
            url: '@Url.Action("UpdateContent", "Admin")',
            data: {
                elementId: elementId,
                newContent: newContent
            },
            dataType: "json",
            success: function (data) {
                if (data.result == 'true') {
                    infoMessage('Content Updated!', 'success');
                } else {
                    infoMessage('Error: ' + data.result + '. Nothing has been updated!', 'error');
                }
            },
            error: function () {
                alert('There was a problem contacting the server.');
            }
        });

在我的控制器端，我已经拿走了所有代码，只留下一些调试写行。

And on my Controller side, I've taken away all the code to just leave some debugging write lines.

[HttpPost]
    public ActionResult UpdateContent(string elementId, string newContent)
    {
        System.Diagnostics.Debug.WriteLine("!" + elementId);
        System.Diagnostics.Debug.WriteLine("!" + newContent);
        string _result = "true";
        return Json(new { result = _result });
    }

现在有趣的是，当我有 newContent时在Ajax请求中的数据参数中设置为< p> hello< / p> 那些writelines甚至没有被调用，整个ajax调用失败。然而，当我只使用普通的字符串，例如你好它运作正常。我进一步将其缩小到开头的html括号，所以即使< p 也会失败。

Now the interesting thing is that when I have newContent in the data paramater in the Ajax request set to anything like <p>hello</p> those writelines don't even get called and the whole ajax call fails. Yet when I just use a normal string e.g. hello it works fine. I've further narrowed it down to just the opening html bracket, so even <p would fail.

考虑到这一点，这里发生了什么？其次，通过Ajax将html发送回控制器的正确方法是什么，所以这不会发生？

With this in mind, what is happening here? And secondly, what is the correct way to send html back to the controller via Ajax so this doesn't happen?

推荐答案

ASP .NET默认启用请求验证帮助防范XSS。您可以通过在操作中添加 ValidateInput 属性来禁用此功能：

ASP.NET has request validation enabled by default to help protect against XSS. You can disable this by adding the ValidateInput attribute to your action:

[HttpPost]
[ValidateInput(false)]
public ActionResult UpdateContent(string elementId, string newContent)
{
    System.Diagnostics.Debug.WriteLine("!" + elementId);
    System.Diagnostics.Debug.WriteLine("!" + newContent);
    string _result = "true";
    return Json(new { result = _result });
}

您还需要将以下内容添加到 web.config ：

You'll also need to add the following to your web.config:

<httpRuntime requestValidationMode="2.0" />

更新（更好）的选择是使用 AllowHtml 您将应用于模型上的属性的属性。这是首选，因为您只允许此道具绕过验证而不是整个请求。

A newer (and better) alternative is to use the AllowHtml attribute which you would apply to a property on your model. This is preferred because you're only allowing this prop to bypass validation instead of the entire request.

class MyModel
{
    [AllowHtml]
    public string MyHtml { get; set; }
}

这篇关于将HTML通过AJAX调用传递给C＃MVC控制器。 500错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！