问题MVC3 AllowHtml属性 [英] Problem with MVC3 AllowHtml attribute

问题描述

我有一个基于MVC3的web应用程序（没有测试版或发布候选版，RTM / RTW版本），有一个接受的XML文件进行处理的操作。

I have a web app based on MVC3 (no beta or release candidate, RTM/RTW version) that has an action that accepts XML files for processing.

当然，这似乎邪恶的MVC的，因为可能的攻击，因此它不会允许它。好吧，我尽量把要么AllowHtml模型对象这样的：

Of course, this seems evil to MVC because of possible attacks, so it doesn't allow it. Well, I try to put either AllowHtml on the model object as such:

   public class XMLModel
    {
        [AllowHtml]
        public string msg { get; set; }
    }

或者我设置ValidateInput在我的操作方法假像这样的：

Or I set ValidateInput to false on my action method such as this:

    [ValidateInput(false)]
    public ActionResult AddCDR(XMLModel model)
    {
    }

原因首先有一个强类型模型是我最初试图有一个名为MSG作为action方法参数的字符串值，但总是回来空。

The reason for having a "strongly" typed model in the first place was that I originally tried to have a string value named "msg" as the action method parameter, but that always came back empty.

现在，当有人职位，以这种形式，无论是在同一台机器或一个联网的计算机，味精领域始终是空白。

Now, when someone posts to this form, either on the same machine or from a networked computer, the msg field is always blank.

我已使用Wireshark验证数据实际上是在请求。

I have verified with WireShark that the data is actually in the request.

现在，一件有趣的事情。 这不应该是必要用MVC 3 。然而，它使一个细微的差别。

Now, one interesting thing. This should not be necessary with MVC 3. Yet it makes a slight difference.

如果我将它添加到我的web配置：

If I add this to my web config:

<httpRuntime requestValidationMode="2.0" />

它适用于从本地计算机发起的请求，但它不会从其他系统工作。

It works for requests originating from the local computer, but it does NOT work from another system.

我觉得AllowHtml版本似乎优雅的 - 只要它的工作

I think the AllowHtml version seems elegant - if only it worked.

我也发现了在RC2中的错误 - 再次，这不应该影响到我，但我试图加入的Application_Start下列（）反正：

I have also found out about a bug in RC2 - again, this should not affect me, but I tried to add the following in Application_Start() anyway:

ModelMetadataProviders.Current = new DataAnnotationsModelMetadataProvider();

正如预期的那样，它并没有真正的区别。

As expected, it makes no real difference.

一切正常，我的开发计算机（Win7x64，VS2010）作为预期，但目标系统（Win2008R2x64，IIS7.5）上述问题都让我很难。在

Everything works as expected on my development computer (Win7x64, VS2010), but on the target system (Win2008R2x64, IIS7.5) the above problems are giving me a hard time.

很重要的一点要注意：如果我发布到不带尖括号的动作，我得到预期的表单​​数据。只要尖括号表明了，虽然，无论是我的动作完全不叫，还是没有找到表单数据，无论是在动作方法参数或比如在Request.Params [消息]在那里应该的。

Very important point to note: If I post to the action with no angle brackets, I get the form data as expected. As soon as the angle brackets show up, though, either my action isn't called at all, or it doesn't find the form data, neither in action method parameters or in for instance Request.Params["msg"] where it should be.

任何想法允许通过XML？

Any ideas to allow the XML through?

更新

我努力工作，我的方式解决这个等待任何人都可以想出一个答案在这里。我一直没能解决这个问题，但我已签了一些额外的细节;

I've tried to work my way around this while waiting for anyone to come up with an answer here. I have not been able to solve it yet, but I have checked a few additional details;

• 首先，我核实，我的两个开发计算机和Web服务器上安装了ASP.NET MVC 3的版本是一样的; v3.0.20105.0（按添加/删除程序）。


• Web应用程序实际上是用MVC3公测创建的，然后转换为RC1和RC2，他们出来了，终于到了RTM版本。这意味着我不得不修改，因为ViewBag变化的某些code。然而，因为我不知道到底还有什么改变了没，我创建了RTM版本一个全新的应用MVC3，由同一个名字创建了一个控制器，具有同样的操作方法，采取类似目前使用的一个模型对象，改名为旧的Web应用程序目录，并制定新的。同样的事情发生了 - 即具有AllowHtml属性参数来通过与当请求从本地机器的所有内容，但如果它来自远程机器，然后将HTML（XML实际上）被剥离出来。
  
  
  
  • 没有例外。我已经安装ELMAH并验证此 - 没有异常发生时，我的行动方法显然是刚打电话与任何东西看起来像XML从参数到方法剥离出来
  
  

  不用说，这是推动我疯了。昨天我一些建议，看看MVC3源$ C ​​$ C，但不幸的是，这并不真正帮助我，因为我看不出什么明显的错误在那里，我不能调试$ C $放在c服务器有问题。

  Needless to say, this is driving me crazy. I had some advice yesterday to look at the source code of MVC3, but unfortunately that doesn't really help me, as I can't see anything obviously wrong there, and I can't debug code on the server in question.

  任何见解还是非常理想的，谢谢！ ：）

  Any insights still highly desired, thanks! :)

  推荐答案

  我回答这个问题我自己，因为这是一个不起眼的局面，MVC3是没问题的。

  I am answering this myself because this was an obscure situation, and MVC3 was not the problem.

  这是发布的数据，以我的应用程序的系统与畸形数据这么做。除此之外，有人告诉我，他们也张贴到了工作就好了一个较旧的应用程序MVC2 - 这是错误的，事实证明，他们在这种情况下都拿到，并得到他们碰巧正确地做

  The system that POSTed data to my application was doing so with malformed data. In addition to that, I was told that they were also POSTing to an older MVC2 application that worked just fine - this was wrong, it turned out they were GETting in that case, and GET they happen to do correctly.

  如果任何东西，相当彻底的测试已经证实AllowHtml属性实际上工作得很好。永远不要相信你的输入，寿。 ：）

  If anything, fairly thorough testing has confirmed that the AllowHtml attribute actually works very well. Never trust your input, tho. :)

  这篇关于问题MVC3 AllowHtml属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！