检测到潜在危险的Request.Form值 [英] A potentially dangerous Request.Form value was detected

问题描述

我有它的大规模杀伤性武器的编辑形式。输入文本区域使用渲染：

 ＆LT;％：Html.TextAreaFor（T =＆GT; t.NewsBody，新{@类=大规模杀伤性武器面板ID =大规模杀伤性武器输入}）％GT ;
 

我每次提交我得到的形式从客户端检测到有潜在危险的Request.Form值

我试着设置[ValidateInput（假）的操作方法，我尝试添加
    ＆LT;的httpRuntime requestValidationMode =2.0/＆GT; 来web.config中，我已经试过 validateRequest =false的在页面指令在web.config中，但它仍然发生。

任何想法？

修改

操作方法：

  [ILFFAuthorize（角色=管理员）] //这是一个自定义的身份验证attrobite
        [HttpPost]
        [ValidateInput（假）]
        公众的ActionResult AddNews（COL的FormCollection）{        //公众的ActionResult AddNews（新闻新闻）
        // {
            如果（ModelState.IsValid）
            {
                新闻新闻=新新闻（）;
                news.NewsDate = DateTime.Now;
                news.NewsPosterId = 0;                news.NewsTitle = COL [NewsTitle];
                news.NewsBody = COL [NewsBody];
                newsRepository.Add（新闻）;
                newsRepository.Save（）;                返回RedirectToAction（指数，家）;
            }
            其他
            {
                返回查看（）;
            }
        }
 

解决方案

您需要将这个之上的 [HttpPost] 操作方法

  [HttpPost]
    [ValidateInput（假）]
    公众的ActionResult编辑（的FormCollection集合）{
       .....
    }
 

如果你正在使用MVC3那么你should't使用 [ValidateInput（假）] ，但使用 [AllowHtml] 此处解释：的http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/

也：尝试把 [ValidateInput（假）] 上方的 [HttpPost] 不在，我记得，这些得到最高执行到底。

I have a form with the wmd editor on it. The input text area is rendered using:

<%: Html.TextAreaFor(t => t.NewsBody, new{@class="wmd-panel", id="wmd-input"}) %>

Every time I submit the form I get A potentially dangerous Request.Form value was detected from the client

I tried setting [ValidateInput(false)] on the action method, I tried adding <httpRuntime requestValidationMode="2.0" /> to the web.config and I've tried validateRequest="false" in the pages directive in web.config but it's still happening.

Any ideas?

Edit

Action method:

 [ILFFAuthorize(Roles = "Admin")] // this is a custom auth attrobite
        [HttpPost]
        [ValidateInput(false)]
        public ActionResult AddNews(FormCollection col){

        //public ActionResult AddNews(News news)
        //{
            if (ModelState.IsValid)
            {
                News news = new News();
                news.NewsDate = DateTime.Now;
                news.NewsPosterId = 0;

                news.NewsTitle = col["NewsTitle"];
                news.NewsBody = col["NewsBody"];
                newsRepository.Add(news);
                newsRepository.Save();

                return RedirectToAction("Index", "Home");
            }
            else
            {
                return View();
            }
        }

解决方案

You need to place this on top of your [HttpPost] action method

    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Edit(FormCollection collection) {
       .....
    }

If you are using MVC3 then you should't use [ValidateInput(false)] but use [AllowHtml] which is explained here: http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/

also: try putting [ValidateInput(false)] above your [HttpPost] not under, As I remember, these get executed top to bottom.

这篇关于检测到潜在危险的Request.Form值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！