在表单中输入HTML时的Asp Mvc处理错误 [英] Asp Mvc Handling Error when entering HTML in form
问题描述
是否有可能处理从客户端检测到潜在危险的Request.Form值(Model.Title =< p> some text</p>").
系统范围?这个问题的答案建议在每个属性上添加一些验证.我不想那样做.是否可以通过错误消息将用户重定向回表单,提示他们输入了无效的输入?
Is it possible to handle the A potentially dangerous Request.Form value was detected from the client (Model.Title="<p>some text</p>").
system wide? Answers in this question suggest to add some validation on each attribute. I don't want to do that. Is it possible to redirect the user back to the form with an error message telling them they entered invalid input?
修改:为了澄清,我不想接受HTML,我只想向用户显示一条友好的错误消息(例如用于验证属性的错误消息).
Edit: To clarify, I don't want to accept the HTML, I just want to show the user a friendly error message (like the ones for the validation of attributes).
Edit2 :我知道可以将属性添加到属性中以允许HTML或禁用验证.由于存在多种形式,因此我不想使用 [AllowHtml]
污染我的属性或禁用验证(因为我需要验证).我正在寻找一种方法来拦截MVC流并在触发它时捕获此错误.
Edit2: I know I can add attributes to my properties to allow HTML or disable the validation. Since there are a lot of forms, I don't want to pollute al my properties with [AllowHtml]
or disable the validation (because I need validation). I'm looking for a way to intercept the MVC-flow and catch this error when it gets triggered.
推荐答案
如果您不想接受HTML,我认为唯一的方法是允许HTML提交,然后检查是否存在任何HTML.服务器端的HTML标签.如果找到,您将使用以下代码将用户返回表单:
If you don't want to accept the HTML, I think the only way is to allow the HTML to be submitted, and then check for the presence of any HTML tags server-side. If found, you would then return your user to the form with code like this:
if (input.Contains("<")) {
Model.AddModelError("HTML_FOUND", "There is HTML in your input. Please remove the HTML before trying to submit again");
return View();
}
使用过滤器 查看全文