拒绝WebAPI模型属性中的HTML [英] Deny HTML in WebAPI model properties
问题描述
我已经搜索了一段时间,找不到任何东西,如果有什么抱歉,我很想念.
I've been searching for this for a while, and couldn't find anything, apologies if there is something and I've missed it.
Web-API 2框架中是否有任何东西可以自动拒绝字符串模型属性上的HTML标记(少数几个除外)?
Is there anything in the Web-API 2 framework that will automatically reject HTML tags on string model properties (except for a select few)?
我知道我可以创建一个自定义验证属性,并在每个属性上进行修改,但是要维护并记住在所有新模型上都要花费很多.
I know I could create a custom validation attribute, and whack it on every property, but that's a lot of over head to maintain and remember to do on all new models.
public class Person {
public string Name{ get; set; }
// ... snipped
}
我可以使用类似于以下内容的JSON向我的POST端点发出发布请求:
I can make a post request to my POST endpoint with JSON similar to:
{
"name": "<h1>This is my name</h1>"
}
在操作中,person.Name将等于"<h1>This is my name</h1>",并且不会引发验证错误
In the action the person.Name will be equal to "<h1>This is my name</h1>", with no validation errors raised
推荐答案
我一直在寻找与您相同的东西.从MVC的角度来看,我们有参数可以禁止表单中的输入字段中的html,这似乎是合理的.
I was looking for the same thing as you. Coming from a MVC standpoint where we have parameters to disallow html in input fields in forms, this seems reasonable.
我以某种方式找到了这个库,它可能以某种方式帮助您...它不能完全按照您想要的方式回答您的问题,但是可以帮助您解决否则必须生成的自定义属性如果您决定使用属性路径...
I found this library tho, that sort of, in a way might help out... It does not fully answer your question in the way you want it, but it helps out with the custom attributes you would otherwise have to generate by yourself, if you decided to go for an attribute path...
Nuget包装: https://www.nuget.org/packages/ASPNetWebAPIAntiXss/
Nuget package: https://www.nuget.org/packages/ASPNetWebAPIAntiXss/
示例和产品页面: https://bitbucket.org/embarr-development/asp.net -web-api-antixss-属性
这篇关于拒绝WebAPI模型属性中的HTML的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
