Using knockout to pass an HTML string to a C# controller. What am I doing wrong?

Alright. I can get the HTML I need from the page (it's all in a DIV). That's not the problem. What I need to do is take the HTML and pass it, via a C# class, into a controller.

I tried doing something like this with knockout/jQuery:

    var Details = $("#Details").html();
    console.log(Details);

    DetailsPdf.DetailsMarkup = JSON.stringify(Details);

    var jsonData = ko.toJS(Details);

    ko.utils.postJson("/MyController/MyAction", DetailsPdf);

The knockout actually DOES get me the relevant HTML. But when I pass it to my class, I get an exception that reads:

A potentially dangerous Request.Form value was detected from the client.

Then it partially shows the HTML I was sending as a part of the exception. I can't even seem to pass in the entities themselves without getting that exception.

This is an app with certain company-mandated security features, so turning off validation is not an option.

I need the HTML, or at least a way to re-create it on the server in the C#.

I'm still fairly new to knockout. Does anyone have any suggestions here?

You should be able to decorate your model (the one that the controller action is expecting) with the [AllowHtml] attribute on the property that has the HTML.

When you do that, MVC skips the validation for that property.

Here's a link to the documentation for more information.

Note: Use this ONLY when you need to. It does open a vector for XSS if misused.


Edit: If, for some reason, you can't use the [AllowHtml] attribute, you can turn off validating the request for that one action with [ValidateInput(false)].

Same rules apply. Use that very sparingly. This means none of the security validations will run against that particular model in that particular action only.

You should have mentioned that:

This is an app with certain company-mandated security features, so turning off validation is not an option.

In your recent question "Using iTextSharp with the knockout JavaScript framework?". I could have provided this answer there.

I'm not sure why decorating the controller's Action with [ValidateInput(false)] isn't working, but that answer's fully working source code is available. Whatever the reason, you should only need a few changes to work around the issue:

(1) Base64 encode the HTML in your JavaScript:

    ko.utils.postJson("/MyController/MyAction", window.btoa(DetailsPdf));

(2) Decode string in your MVC Controller:

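    [HttpPost]
    public ActionResult Index(string xHtml)
    {
        // Needs System (Convert) and System.Text (Encoding).
        // Base64 text -> raw bytes -> UTF-8 string containing the original HTML.
        xHtml = Encoding.UTF8.GetString(Convert.FromBase64String(xHtml));
        // ... step (3) and the rest of the action continue here ...
    }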

(3) Deserialize that string to your model / entities with Json.Net or other.

Above steps have also been tested and verified working. ;)
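
An added example, not part of the original answers: it shows why the Base64 form passes request validation (the encoded text contains none of the characters the check looks for) and how to encode so that the server's `Encoding.UTF8.GetString(Convert.FromBase64String(...))` recovers the exact markup. The function names, the sample markup and the regular expression (a rough approximation of the patterns ASP.NET request validation rejects) are assumptions for illustration.

```javascript
// Added example; function names and sample data are hypothetical.

// UTF-8 safe Base64. Plain btoa() throws on characters outside Latin-1,
// and for Latin-1 characters above 0x7F it emits bytes that are not UTF-8,
// so the server-side UTF-8 decode would not reproduce the original text.
function htmlToBase64Utf8(html) {
  const bytes = new TextEncoder().encode(html); // UTF-8 bytes
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Client-side mirror of the controller's decode step, used here to
// confirm the round trip. fatal:true rejects invalid UTF-8.
function base64Utf8ToHtml(b64) {
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Approximation (assumption) of what request validation flags:
// "<" followed by a letter, "!", "/" or "?", and the sequence "&#".
function tripsRequestValidation(value) {
  return /<[a-zA-Z!\/?]|&#/.test(value);
}

// Constructed sample markup, with one character outside Latin-1.
const sampleHtml = '<div id="Details"><b>Total: 42 €</b></div>';
const encoded = htmlToBase64Utf8(sampleHtml);

// Returns true when plain btoa() cannot encode the input at all.
function plainBtoaFails(text) {
  try { btoa(text); return false; } catch (e) { return true; }
}
```

Because the encoded field never trips the check, the string the controller decodes is exactly the markup request validation would have rejected; treat it as untrusted input and encode or sanitize it before it is rendered anywhere.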
