从客户端检测到有潜在危险的Request.Form值
1.带有html标记内容提交(使用web编辑器):
js:
<script type="text/javascript">
//简单模式
var editor;
KindEditor.ready(function (K) {
editor = K.create('textarea[name="Content"]', {
resizeType: 1,
allowPreviewEmoticons: false,
allowImageUpload: false,
items: [
'fontname', 'fontsize', '|', 'forecolor', 'hilitecolor', 'bold', 'italic', 'underline',
'removeformat', '|', 'justifyleft', 'justifycenter', 'justifyright', 'insertorderedlist',
'insertunorderedlist', '|', 'emoticons', 'image', 'link'
]
});
});
</script>
cshtml:
@using (Html.BeginForm("Add")) { <table border="0" width="100%"> <tr> <td>标题: </td> <td> <input type="text" name="Title" /> </td> </tr> <tr> <td>内容: </td> <td> <textarea name="Content" cols="30" rows="10"></textarea> </td> </tr> </table> <input type="submit" value="保存内容" /> } @if (ViewBag.Success == 1) { @:<script> alert("添加成功"); </script> }
C#:
解决方案1:标记Action方法不进行提交验证
//新增文章内容 [ValidateInput(false)] public ActionResult Add(string Title = "", string Content = "") { if (Title.Length > 0) { AddArticle(Title, Content); } return View(); }
解决方案2:(失败)
//新增文章2 public ActionResult AddTwo(string Title = "", string Content = "") { this.ValidateRequest = false;//此处禁用请求验证不起作用 if (Title.Length > 0) { AddArticle(Title, Content); } return View(); }
解决方案3:使用Ajax方法提交,将html进行转码
//提交新增内容 $(function () { $("#addBtn").click(function () { var title = $("input[name=Title]").val(); //var content = $("textarea[name=Content]").text(); 此方式不可用,返回结果为空 var content = KindEditor.escape(editor.html()); $.post("@Url.Action("AddThree")", { Title: title, Content: content }, function (data) { if (data == 1) { alert("添加成功"); } else { alert("添加失败!"); } }); }); });
后台处理:
//新增文章3 public void AddThree(string Title = "", string Content = "") { if (Title.Length > 0) { AddArticle(Title, Content); Response.Write("1"); } else { Response.Write("0"); } }
浙公网安备 33010602011771号