动态HTML内容 - "从客户端英寸时检测到有潜在危险的Request.Form值; [英] Dynamic HTML content - "A potentially dangerous Request.Form value was detected from the client"
问题描述
我使用MVC 3和剃刀。
I'm using MVC 3 and Razor.
我有一个页面,你可以创建一个供应商。在前端,一个供应商的页面有三件事情:名称,描述(HTML),和包含HTML多个标签。我的客户想要的选项卡是动态的,他们希望能够当他们增加一个供应商添加/编辑/删除选项卡和内容。
I have a page where you can create a Vendor. On the front-end, a vendor's page has 3 things: A name, a description (HTML), and multiple tabs that contain HTML. My client wants the tabs to be dynamic, they want to be able to add/edit/delete tabs and content when they add a vendor.
因此,这里是我的数据库设计:
So here's my database design:
Vendors
-------------------
VendorID (PK)
Name
Description
VendorTabs
-------------------
VendorTabID (PK)
VendorID (FK)
Title
Content
下面是我的视图模型:
public class VendorViewModel
{
[ScaffoldColumn(false)]
public int VendorId { get; set; }
public string Name { get; set; }
[AllowHtml]
public string Description { get; set; }
}
和我的控制器POST方法:
And my controller post method:
[HttpPost]
public ActionResult Create(VendorViewModel viewModel, string[] tabTitles, string[] tabContent)
{
var vendor = new Vendor();
vendor.Name = viewModel.Name;
vendor.Description = viewModel.Description;
if (ModelState.IsValid)
{
for (int i = 0; i < tabTitles.Length; i++)
{
vendor.VendorTabs.Add(new VendorTab
{
VendorID = vendor.VendorID,
Title = tabTitles[i],
Content = tabContent[0]
});
}
_vendorsRepository.SaveVendor(vendor);
return RedirectToAction("Index");
}
return View(viewModel); // validation error, so redisplay same view
}
在我看来,我有功能动态添加/删除字段标签标题和标签说明。他们通过阵列 tabTitles
和 tabContent
传递给控制器。但是,当我在动态标签的内容发布形式HTML,我得到以下错误:
In my view, I have functionality to dynamically add/remove fields for a tab title and a tab description. They are passed to the controller through the arrays tabTitles
and tabContent
. But when I post the form with HTML in the dynamic tab content, I get the following error:
从客户端检测到有潜在危险的Request.Form值
A potentially dangerous Request.Form value was detected from the client
我就遇到了这个问题之前,与我的供应商描述字段。经过一番研究,我看到了,我可以添加 AllowHtml
注释。
I ran into this problem before, with the Description field for my Vendor. After some research, I saw that I can add the AllowHtml
annotation.
如何申请相同的功能,以我的动态内容?
How can I apply the same functionality to my dynamic content?
推荐答案
而不是阵列 tabTitle
和 tabContent
,构建您的视图模型的方式,你可以把 AllowHtmlAttribute
上,可以采取在用户内容的每个个人财产,然后就包括对这些在你要绑定的型号列表查看到
instead of arrays tabTitle
and tabContent
, structure your viewmodel in a way that you can put the AllowHtmlAttribute
on each individual property that could take in user content, and then just include a List of these in the Model you are binding the View to
public class TabViewModel
{
[AllowHtml]
public string Title { get; set; }
[AllowHtml]
public string Content { get; set; }
}
这篇关于动态HTML内容 - &QUOT;从客户端英寸时检测到有潜在危险的Request.Form值;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!