ASP.NET MVC AllowHtml错误或某些我未正确使用的东西 [英] ASP.NET MVC AllowHtml bug or something I didn't use correctly
问题描述
我的模型包含一个名为"longdescription"的字符串字段,该字段获取tinymce编辑器内容的值
My model contains a string field called "longdescription" which gets the value of the tinymce editor's content
Public class ArticleModel:BaseModel{
[StringLength(8000, ErrorMessage = "Long description must be in 8000 characters or less"), AllowHtml]
public string LongDescription { get; set; }
}
这是我的控制器代码
[HttpPost]
public ActionResult AddEdit(ArticleModel model)
{
string buttonName = Request.Form["Button"];
if (buttonName == "Cancel")
return RedirectToAction("Index");
// something failed
if (!ModelState.IsValid)
{
}
// Update the articles
}
我的问题是,当我使用Request.Form访问帖子值时,它工作正常而没有引发潜在危险...."错误,但是当我使用Request.Params ["Button"]时,它抛出了错误错误.是我缺少的东西吗?
My problem is when I use Request.Form to access the post value, it's working fine without throwing "A potentially dangerous...." error, but when I use Request.Params["Button"], it threw that errors. Is something I am missing?
谢谢
已更新
对不起,亚当给出的答案并没有真正回答我的问题.谁能提供更多建议?
Sorry the answer Adam gave doesn't really answer my question. Can anyone give more suggestion?
推荐答案
It is the HttpRequest.Params getter that is throwing this exception. This getter basically builds and returns a key/value pair collection which is the aggregation of the QueryString, Form, Cookies and ServerVariables collections in that order. Now what is important is that when you use this getter it will always perform request validation and this no matter whether you used the [AllowHtml] attribute on some model property or if you decorated the controller action with the [ValidateInput(false)] attribute and disabled all input validation.
因此,这并不是AllowHtml属性中的错误.这是Params属性的设计方式.
So this is not really a bug in the AllowHtml attribute. It is how the Params property is designed.
正如@Adam在他的回答中提到的那样,您应该避免手动访问请求值.您应该使用值提供程序,该提供程序应考虑到某些情况,例如某些字段的请求验证已禁用.
As @Adam mentioned in his answer you should avoid accessing request values manually. You should use value providers which take into account things such as disabled request validation for some fields.
因此,只需在视图模型中添加另一个属性即可:
So simply add another property to your view model:
public class ArticleModel: BaseModel
{
[StringLength(8000, ErrorMessage = "Long description must be in 8000 characters or less")]
[AllowHtml]
public string LongDescription { get; set; }
public string Button { get; set; }
}
,然后在您的控制器操作中:
and then in your controller action:
[HttpPost]
public ActionResult AddEdit(ArticleModel model)
{
string buttonName = model.Button;
if (buttonName == "Cancel")
{
return RedirectToAction("Index");
}
// something failed
if (!ModelState.IsValid)
{
}
// Update the articles
}
这篇关于ASP.NET MVC AllowHtml错误或某些我未正确使用的东西的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
