通过Ajax Asp.Net MVC传递HTML代码 [英] Pass HTML code trough Ajax Asp.Net MVC

问题描述

我正在尝试通过这样的Ajax传递一个HTML代码：

I'm trying pass a html code trough Ajax like this:

使用插件'summernote'（WYSIWYG Editor）

Using plugin 'summernote' (WYSIWYG Editor)

var description = $('#ticketDescription').code();

这给我举个例子：

<span style="font-weight: bold;">asdasdasd<span>sadasd

当Ajax处理时会产生500内部错误

and when Ajax process this give an 500 internal error

$.ajax({
                url: '/Ticket/NewTicket',
                type: 'POST',
                data: {
                    companyId: companyId,
                    subject: subject,
                    ticketDescription: description
                },

                success: function(result) {
                    ....
                },
                error: function(result) {

                }
            });

通过从字符串中删除'<'字符来解决问题。
任何解决方案？
谢谢

The problem is solved by removing the '<' character from string. Any solution to this? Thanks

编辑：到目前为止我找到的唯一方法是：
在javascript中：

The only way I found so far is: In javascript:

description = escape(description);

和控制器中：

ticketDescription = HttpUtility.UrlDecode(ticketDescription);

是否正确？

推荐答案

ValidateInput 和 AllowHtml 属性是您需要在属性中设置的内容

ValidateInput and AllowHtml attribute is what you need to set in the property

默认情况下，Asp.Net MVC不允许用户提交html以避免对您的应用程序进行跨站点脚本攻击。

By default Asp.Net MVC doesn't allow a user to submit html for avoiding Cross Site Scripting attack to your application.

验证输入属性

这是允许提交HTML的简单方法。此属性可以在控制器级别或任何操作方法启用或禁用输入验证。
控制器级别的ValidateInput

This is the simple way to allow the submission of HTML. This attribute can enable or disable input validation at the controller level or at any action method. ValidateInput at Controller Level

[ValidateInput(false)]
public class HomeController : Controller
{
 public ActionResult AddArticle()
 {
 return View();
 }

 [HttpPost]
 public ActionResult AddArticle(BlogModel blog)
 {
 if (ModelState.IsValid)
 {

 }
 return View();
 }
}

现在，用户可以成功为此Controller提交Html 。
操作方法级别的ValidateInput

Now, the user can submit Html for this Controller successfully. ValidateInput at Action Method Level

public class HomeController : Controller
{
 public ActionResult AddArticle()
 {
 return View();
 }

 [ValidateInput(false)]
 [HttpPost]
 public ActionResult AddArticle(BlogModel blog)
 {
 if (ModelState.IsValid)
 {

 }
 return View();
 }
}

现在，用户可以为此操作方法提交Html成功。

Now, the user can submit Html for this action method successfully.

ValidateInput属性的限制
此属性也有问题，因为这允许所有属性的Html输入并且不安全。由于您只为一两个属性启用了Html输入，因此如何执行此操作。要允许单个属性的Html输入，您应该使用AllowHtml属性。

Limitation of ValidateInput attribute This attribute also has the issue since this allow the Html input for all the properties and that is unsafe. Since you have enable Html input for only one-two properties then how to do this. To allow Html input for a single property, you should use AllowHtml attribute.

AllowHtml属性

这是允许为特定属性提交HTML的最佳方式。此属性将添加到模型的属性中，以仅绕过该属性的输入验证。此显式声明比ValidateInput属性更安全。

This is the best way to allow the submission of HTML for a particular property. This attribute will be added to the property of a model to bypass input validation for that property only. This explicit declaration is more secure than the ValidateInput attribute.

using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

public class BlogModel
{
 [Required]
 [Display(Name = "Title")]
 public string Title { get; set; }

 [AllowHtml]
 [Required]
 [Display(Name = "Description")]
 public string Description{ get; set; }
} 

确保已从Conroller或Action方法中删除了ValidateInput属性。现在，用户只能为Description属性成功提交Html。

Make sure, you have removed the ValidateInput attribute from Conroller or Action method. Now, the user can submit Html only for the Description property successfully.

这篇关于通过Ajax Asp.Net MVC传递HTML代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！