[英]can't pass html tags in parameters in $.post()
I am using a userControl in MVC 4 that has a telerik radeditor. 我在具有telerik radeditor的MVC 4中使用userControl。 I want to submit the content of the radeditor the the action method but if I user editor.get_html() the code doesn't execute.
我想通过操作方法提交radeditor的内容,但是如果我使用editor.get_html(),则代码不会执行。
the javascript call to the action method is the following: 对action方法的javascript调用如下:
function Save() {
var editor = $find("<%=radEdit.ClientID%>");
var editorHtmlContent = editor.get_html();
var entityId = document.getElementById('hdEntityId').value;
var url = '<%=Url.Action("SaveNote", "staticController")%>';
$.post(url, { EntityId: entityId, Desc: editorHtmlContent }, function (result) { });
}
any clue? 有什么线索吗?
Posting HTML tags is being considered a security threat (HTML Injection and Cross-site Scripting (XSS)), so it is blocked by default. 发布HTML标签被认为是安全威胁(HTML注入和跨站点脚本(XSS)),因此默认情况下将其阻止。 You have three ways out of this:
您有三种解决方法:
If you have strongly typed model class and want to get the actual HTML, you can use AllowHtmlAttribute
: 如果您具有强类型化的模型类并想要获取实际的HTML,则可以使用
AllowHtmlAttribute
:
public class XMLModel { public int EntityId { get; set; } [AllowHtml] public string Desc { get; set; } }
Last option is to disable input validation for entire action, which can be done with ValidateInputAttribute
: 最后一个选项是禁用整个操作的输入验证,这可以通过
ValidateInputAttribute
完成:
[ValidateInput(false)] [HttpPost] public ActionResult SaveNote(...) { ... }
You should choose the option most suitable for you. 您应该选择最适合您的选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.