在表单中输入HTML时的Asp Mvc处理错误 [英] Asp Mvc Handling Error when entering HTML in form

问题描述

是否有可能处理从客户端检测到潜在危险的Request.Form值(Model.Title =< p> some text</p>").系统范围?这个问题的答案建议在每个属性上添加一些验证.我不想那样做.是否可以通过错误消息将用户重定向回表单，提示他们输入了无效的输入?

Is it possible to handle the A potentially dangerous Request.Form value was detected from the client (Model.Title="<p>some text</p>"). system wide? Answers in this question suggest to add some validation on each attribute. I don't want to do that. Is it possible to redirect the user back to the form with an error message telling them they entered invalid input?

修改:为了澄清，我不想接受HTML，我只想向用户显示一条友好的错误消息(例如用于验证属性的错误消息).

Edit: To clarify, I don't want to accept the HTML, I just want to show the user a friendly error message (like the ones for the validation of attributes).

Edit2 :我知道可以将属性添加到属性中以允许HTML或禁用验证.由于存在多种形式，因此我不想使用 [AllowHtml] 污染我的属性或禁用验证(因为我需要验证).我正在寻找一种方法来拦截MVC流并在触发它时捕获此错误.

Edit2: I know I can add attributes to my properties to allow HTML or disable the validation. Since there are a lot of forms, I don't want to pollute al my properties with [AllowHtml] or disable the validation (because I need validation). I'm looking for a way to intercept the MVC-flow and catch this error when it gets triggered.

推荐答案

如果您不想接受HTML，我认为唯一的方法是允许HTML提交，然后检查是否存在任何HTML.服务器端的HTML标签.如果找到，您将使用以下代码将用户返回表单:

If you don't want to accept the HTML, I think the only way is to allow the HTML to be submitted, and then check for the presence of any HTML tags server-side. If found, you would then return your user to the form with code like this:

if (input.Contains("<")) {
   Model.AddModelError("HTML_FOUND", "There is HTML in your input. Please remove the HTML before trying to submit again");
   return View();
}

使用过滤器 查看全文