检测到潜在危险的Request.Form值 [英] A potentially dangerous Request.Form value was detected
问题描述
我有它的大规模杀伤性武器的编辑形式。输入文本区域使用渲染:
<%:Html.TextAreaFor(T => t.NewsBody,新{@类=大规模杀伤性武器面板ID =大规模杀伤性武器输入})%GT ;
我每次提交我得到的形式从客户端检测到有潜在危险的Request.Form值
我试着设置[ValidateInput(假)的操作方法,我尝试添加
来web.config中,我已经试过
<的httpRuntime requestValidationMode =2.0/> validateRequest =false的
在页面指令在web.config中,但它仍然发生。
任何想法?
修改
操作方法:
[ILFFAuthorize(角色=管理员)] //这是一个自定义的身份验证attrobite
[HttpPost]
[ValidateInput(假)]
公众的ActionResult AddNews(COL的FormCollection){ //公众的ActionResult AddNews(新闻新闻)
// {
如果(ModelState.IsValid)
{
新闻新闻=新新闻();
news.NewsDate = DateTime.Now;
news.NewsPosterId = 0; news.NewsTitle = COL [NewsTitle];
news.NewsBody = COL [NewsBody];
newsRepository.Add(新闻);
newsRepository.Save(); 返回RedirectToAction(指数,家);
}
其他
{
返回查看();
}
}
您需要将这个之上的 [HttpPost]
操作方法
[HttpPost]
[ValidateInput(假)]
公众的ActionResult编辑(的FormCollection集合){
.....
}
如果你正在使用MVC3那么你should't使用 [ValidateInput(假)]
,但使用 [AllowHtml]
此处解释:的http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/
也:尝试把 [ValidateInput(假)]
上方的 [HttpPost]
不在,我记得,这些得到最高执行到底。 p>
I have a form with the wmd editor on it. The input text area is rendered using:
<%: Html.TextAreaFor(t => t.NewsBody, new{@class="wmd-panel", id="wmd-input"}) %>
Every time I submit the form I get A potentially dangerous Request.Form value was detected from the client
I tried setting [ValidateInput(false)] on the action method, I tried adding
<httpRuntime requestValidationMode="2.0" />
to the web.config and I've tried validateRequest="false"
in the pages directive in web.config but it's still happening.
Any ideas?
Edit
Action method:
[ILFFAuthorize(Roles = "Admin")] // this is a custom auth attrobite
[HttpPost]
[ValidateInput(false)]
public ActionResult AddNews(FormCollection col){
//public ActionResult AddNews(News news)
//{
if (ModelState.IsValid)
{
News news = new News();
news.NewsDate = DateTime.Now;
news.NewsPosterId = 0;
news.NewsTitle = col["NewsTitle"];
news.NewsBody = col["NewsBody"];
newsRepository.Add(news);
newsRepository.Save();
return RedirectToAction("Index", "Home");
}
else
{
return View();
}
}
You need to place this on top of your [HttpPost]
action method
[HttpPost]
[ValidateInput(false)]
public ActionResult Edit(FormCollection collection) {
.....
}
If you are using MVC3 then you should't use [ValidateInput(false)]
but use [AllowHtml]
which is explained here: http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/
also: try putting [ValidateInput(false)]
above your [HttpPost]
not under, As I remember, these get executed top to bottom.
这篇关于检测到潜在危险的Request.Form值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!