kendoui网格在mvc3安全漏洞中,我该如何解决? [英] kendoui grid in mvc3 security vulnerability, how do i get around it?
问题描述
kendoUI网格使用HttpGet请求在AJAX请求期间更新数据. (http://www.kendoui.com/documentation/asp-net-mvc/helpers/grid/ajax-binding.aspx)服务器返回Json结果,为了使其工作,我们需要使用以下代码:
The kendoUI grid uses HttpGet requests to update the data during an AJAX request. (http://www.kendoui.com/documentation/asp-net-mvc/helpers/grid/ajax-binding.aspx) The server returns a Json result, and, in order to get it to work, we need to use the following code:
return Json(Result, JsonRequestBehavior.AllowGet);
这可以很好地完成工作,但这是一个安全漏洞(这就是Microsoft让我们在其中放置"AllowGet"的原因).
That does the job just fine, but it's a security vulnerability (that's why Microsoft makes us put the "AllowGet" in there).
返回Json的安全方法是在HttpPost中,但是kendoui网格不允许这样做.
The safe way to return the Json would be in an HttpPost, but the kendoui grid doesn't allow it.
我想使用kendoui网格.有没有办法使用HttpGet,返回Json并安全地执行此操作?
I want to use the kendoui grid. Is there a way to use the HttpGet, return Json, and do it securely?
谢谢!
推荐答案
如果您使用Kendo Grid的MVC包装器,则不会发生这种情况.由于这种ASP.NET MVC行为,网格被配置为发出POST请求.但是请确保已包含kendo.aspnetmvc.min.js.可以在 docs 中找到更多信息.
If you are using the MVC wrapper of the Kendo Grid this would not happen. There the grid is configured to make POST requests because of this ASP.NET MVC behavior. Make sure you have included kendo.aspnetmvc.min.js though. More info can be found in the docs.
这篇关于kendoui网格在mvc3安全漏洞中,我该如何解决?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
