通过Ajax Asp.Net MVC传递HTML代码
[英]Pass HTML code trough Ajax Asp.Net MVC
问题描述
I'm trying pass a html code trough Ajax like this: 
我试图像这样通过Ajax传递html代码:
Using plugin 'summernote' (WYSIWYG Editor) 使用插件“ summernote”(所见即所得编辑器)
var description = $('#ticketDescription').code();
This give me for example: 举个例子:
<span style="font-weight: bold;">asdasdasd<span>sadasd
and when Ajax process this give an 500 internal error 当Ajax处理时,这会产生500个内部错误
$.ajax({
url: '/Ticket/NewTicket',
type: 'POST',
data: {
companyId: companyId,
subject: subject,
ticketDescription: description
},
success: function(result) {
....
},
error: function(result) {
}
});
The problem is solved by removing the '<' character from string. 通过从字符串中删除'<'字符可以解决此问题。 Any solution to this? 有什么解决办法吗? Thanks 谢谢
Edit: The only way I found so far is: In javascript: 编辑:到目前为止,我发现的唯一方法是:在javascript中:
description = escape(description);
and in the controller: 并在控制器中:
ticketDescription = HttpUtility.UrlDecode(ticketDescription);
Is it correct? 这是正确的吗?
1 个解决方案
解决方案1
3 已采纳 2015-09-17 15:26:07
ValidateInput and AllowHtml attribute is what you need to set in the property ValidateInput和AllowHtml属性是您需要在属性中设置的
By default Asp.Net MVC doesn't allow a user to submit html for avoiding Cross Site Scripting attack to your application. 默认情况下,Asp.Net MVC不允许用户提交html,以避免对您的应用程序进行跨站点脚本攻击。
ValidateInput Attribute ValidateInput属性
This is the simple way to allow the submission of HTML. 这是允许提交HTML的简单方法。 This attribute can enable or disable input validation at the controller level or at any action method. 此属性可以在控制器级别或任何操作方法上启用或禁用输入验证。 ValidateInput at Controller Level 控制器级别的ValidateInput
[ValidateInput(false)]
public class HomeController : Controller
{
public ActionResult AddArticle()
{
return View();
}
[HttpPost]
public ActionResult AddArticle(BlogModel blog)
{
if (ModelState.IsValid)
{
}
return View();
}
}
Now, the user can submit Html for this Controller successfully. 现在,用户可以成功为此控制器提交HTML。 ValidateInput at Action Method Level 操作方法级别的ValidateInput
public class HomeController : Controller
{
public ActionResult AddArticle()
{
return View();
}
[ValidateInput(false)]
[HttpPost]
public ActionResult AddArticle(BlogModel blog)
{
if (ModelState.IsValid)
{
}
return View();
}
}
Now, the user can submit Html for this action method successfully. 现在,用户可以成功为此操作方法提交HTML。
Limitation of ValidateInput attribute This attribute also has the issue since this allow the Html input for all the properties and that is unsafe. ValidateInput属性的限制该属性也存在问题,因为这允许所有属性的HTML输入,并且这是不安全的。 Since you have enable Html input for only one-two properties then how to do this. 由于仅启用了针对两个属性的HTML输入,因此该如何执行。 To allow Html input for a single property, you should use AllowHtml attribute. 要允许为单个属性输入HTML,应使用AllowHtml属性。
AllowHtml Attribute AllowHtml属性
This is the best way to allow the submission of HTML for a particular property. 这是允许为特定属性提交HTML的最佳方法。 This attribute will be added to the property of a model to bypass input validation for that property only. 该属性将添加到模型的属性中,以仅绕过该属性的输入验证。 This explicit declaration is more secure than the ValidateInput attribute. 此显式声明比ValidateInput属性更安全。
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
public class BlogModel
{
[Required]
[Display(Name = "Title")]
public string Title { get; set; }
[AllowHtml]
[Required]
[Display(Name = "Description")]
public string Description{ get; set; }
}
Make sure, you have removed the ValidateInput attribute from Conroller or Action method. 确保已从Conroller或Action方法中删除了ValidateInput属性。 Now, the user can submit Html only for the Description property successfully. 现在,用户只能成功为Description属性提交Html。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.