帖子HTML标记（codeS）作为字符串与ASP.net MVC和放大器; JQuery的 [英] Post HTML tag (codes) as string with ASP.net MVC & JQuery

问题描述

我想发布一个表单通过MVC模式到控制器中的保存功能。我还使用TinyMCE的在客户端，导致一个基于HTML的code字符串，如＆LT; P＆GT;内容文本等等等等...＆LT; / P＆GT;

现在的问题是，我不能发布一个字符串，包括＆LT; P＆GT;一些＆LT; / P＆GT; 但出乎意料的是，＆LT; P＆GT;一些＆LT; / P＆GT; 此字符串（用空格后＆LT;）也没问题。但是，我不能处理这个网站code和发布每一次之前进行这些空间。必须有一个更好的办法。

所以，我怎么可以张贴一个字符串，包括HTML code $通过.post的方法是什么？ （如果你一定要知道，这个项目是一个内容管理系统。所以，我一定要救基于HTML内容的文本转换为SQL表）。我看到通过调试，后期操作的甚至没有到达到控制器，我认为这是一个只有JavaScript的问题，对吗？

下面是code我使用：
Javascript的

---

功能JqueryFromPost（formId）{

  变种形式= $（formId）;
  VAR行动= form.attr（行动）;
  变种serializedForm = form.serializeArray（）;

  $。员额（动作，serializedForm，功能（数据）{
      //获取数据结果在这里...
  }）;
}

CS code

---

   [HttpPost]
   公共JsonResult SaveArticle（ArticleModel模型）
   {
       JsonResult JResult =新JsonResult（）;

       如果（ModelState.IsValid）
           //我的拯救这里JResult.Data =成功结束; （这也可以失败。所以，它只是解释）

       返回JResult;
   }

解决方案

ASP.NET有内置的请求验证，可自动帮助防止跨站脚本和HTML注入攻击。如果你想明确地禁用此验证，你可以装点您要发布帖子的<一个动作href="http://msdn.microsoft.com/en-us/library/system.web.mvc.validateinputattribute.aspx"><$c$c>[ValidateInput(false)]属性：

  [HttpPost]
[ValidateInput（假）]
公众的ActionResult SaveArticle（ArticleModel模型）
{
    VAR JResult =新JsonResult（）;
    如果（ModelState.IsValid）
    {
        ...
    }
    返回JResult;
}
 

此外，如果您在ASP.NET 4.0运行此这个属性带你需要将以下添加到您的web.config的效果：

 ＆LT;的httpRuntime requestValidationMode =2.0/＆GT;
 

如果你正在使用ASP.NET MVC 3.0，你可以只装饰在模型的属性，需要用HTML的<一个href="http://msdn.microsoft.com/en-us/library/system.web.mvc.allowhtmlattribute.aspx"><$c$c>[AllowHtml]属性：

 公共类ArticleModel
{
    [AllowHtml]
    公共字符串SomeProperty {获得;组; }

    公共字符串SomeOtherProperty {获得;组; }
}
 

另外，在你的JavaScript功能，您可能需要 连载（） 而不是 serializeArray（） ：

 函数JqueryFromPost（formId）{
    变种形式= $（formId）;
    $。员额（form.action，form.serialize（），功能（数据）{
        //获取数据结果在这里...
    }）;
}
 

I'm trying to post a Form through a MVC Model into a Save function in a controller. I'm also using tinymce on the client side which results a HTML code based string such like <p> Content text blah blah ...</p>.

The problem is that I cannot post a string that includes <p> something </p> But surprisingly, < p > something < / p > this string (with spaces after "<") has NO problem. But, I cannot handle this html code and make these spaces before posting every time. There must be a better way.

So, How can I post a string that includes HTML code through $.post method? (If you must know, this project is a Content Management System. So, I have to save the HTML based content text into a SQL table.) I saw by debugging, the post action does not even reach to the Controller and I think this is a only javascript problem, am I right?

Here is the code I am using:
Javascript

---

function JqueryFromPost(formId) {

  var form = $(formId);
  var action = form.attr("action");
  var serializedForm = form.serializeArray();

  $.post(action, serializedForm, function (data) {
      //Getting the data Result here...
  });
}

CS Code

---

   [HttpPost]
   public JsonResult SaveArticle(ArticleModel model)
   {
       JsonResult JResult = new JsonResult();

       if (ModelState.IsValid)
           //I do the saving here ending with "JResult.Data = "Success";" (this could also be Failed. So, its just to explain)

       return JResult;
   }

解决方案

ASP.NET has built-in request validation that automatically helps protect against XSS and HTML injection attacks. If you want to explicitly disable this validation you could decorate the action you are posting to with the [ValidateInput(false)] attribute:

[HttpPost]
[ValidateInput(false)]   
public ActionResult SaveArticle(ArticleModel model)
{
    var JResult = new JsonResult();
    if (ModelState.IsValid)
    {
        ...
    }
    return JResult;
}

Also if you are running this on ASP.NET 4.0 for this attribute to take effect you need to add the following to your web.config:

<httpRuntime requestValidationMode="2.0" />

And if you are using ASP.NET MVC 3.0 you could decorate only the property on your model that requires HTML with the [AllowHtml] attribute:

public class ArticleModel 
{
    [AllowHtml]
    public string SomeProperty { get; set; }

    public string SomeOtherProperty { get; set; }
}

Also in your javascript function you probably want serialize() instead of serializeArray():

function JqueryFromPost(formId) {
    var form = $(formId);
    $.post(form.action, form.serialize(), function (data) {
        //Getting the data Result here...
    });
}

这篇关于帖子HTML标记（codeS）作为字符串与ASP.net MVC和放大器; JQuery的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！