我不能让ValidateInput（假）的工作 - 从客户端检测到有潜在危险的Request.Form值 [英] I can't make ValidateInput(False) work - A potentially dangerous Request.Form value was detected from the client

问题描述

我已经尝试了这么多的组合，但不能得到验证关闭这个代码块

I have tried so many combinations, but cannot get the validation to turn off on this code block

[ValidateInput(false)]
    public ActionResult aSavePageCopy()
    {
        aLoggedIn();
        int id = Convert.ToInt32(Request.Form["id"]);
        PagesDataContext pdc = new PagesDataContext();
        Page p = pdc.Pages.Single(row => row.ID == id);

        p.PageCopy = Request.Form["PageCopy"];

        pdc.SubmitChanges();

        return Redirect("/Admin/aViewPages");
    }

看来，这适用于其他人，所以我不明白我'中号在这里失踪。我得到的错误是从客户端

It seems that this works for others so I don't see what I'm missing here. The error I get is A potentially dangerous Request.Form value was detected from the client

推荐答案

您可以使用的FormCollection 这是安全的访问，而不是的Request.Form （但请不要使用它，请参阅下面真正解决你的问题）：

You could use FormCollection which is safe to access instead of Request.Form (but please don't use it, see below for the real solution to your problem):

[ValidateInput(false)]
public ActionResult aSavePageCopy(FormCollection fc)
{
    aLoggedIn();
    int id = Convert.ToInt32(fc["id"]);
    PagesDataContext pdc = new PagesDataContext();
    Page p = pdc.Pages.Single(row => row.ID == id);

    p.PageCopy = fc["PageCopy"];

    pdc.SubmitChanges();

    return Redirect("/Admin/aViewPages");
}

当然，这是解决问题的一个非常荒谬，糟糕的方式。做正确的方法是使用（当然）视图模型：

Of course that's an absolutely ridiculous and lousy way to solve the problem. The correct way to do it is to use a view model (of course):

public class MyViewModel
{
    public int Id { get; set; }
    public string PageCopy { get; set; }
}

和则：

[ValidateInput(false)]
public ActionResult aSavePageCopy(MyViewModel model)
{
    aLoggedIn();
    PagesDataContext pdc = new PagesDataContext();
    Page p = pdc.Pages.Single(row => row.ID == model.Id);

    p.PageCopy = model.PageCopy;

    pdc.SubmitChanges();

    return Redirect("/Admin/aViewPages");
}

或者如果你使用的是ASP.NET MVC 3，并希望只禁用验证在您的视图模型，而不是做整个请求的单一属性，你可以装饰与 [AllowHtml] 属性此视图模型属性：

or if you are using ASP.NET MVC 3 and wanted to disable validation only for a single property on your view model instead of doing it for the entire request you could decorate this view model property with the [AllowHtml] attribute:

public class MyViewModel
{
    public int Id { get; set; }
    [AllowHtml]
    public string PageCopy { get; set; }
}

，然后你不再需要 [ValidateInput （假）]对你的行动属性：

public ActionResult aSavePageCopy(MyViewModel model)
{
    aLoggedIn();
    PagesDataContext pdc = new PagesDataContext();
    Page p = pdc.Pages.Single(row => row.ID == model.Id);

    p.PageCopy = model.PageCopy;

    pdc.SubmitChanges();

    return Redirect("/Admin/aViewPages");
}

不仅如此，我们已经解决了这个问题，但你可以看到你不再需要写围绕整数和东西是模型绑定角色的控制器动作解析任何管道代码。

Not only that we have solved the problem but as you can see you no longer need to write any plumbing code in your controller action parsing around integers and stuff which is the role of the model binder.

这篇关于我不能让ValidateInput（假）的工作 - 从客户端检测到有潜在危险的Request.Form值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！