I am using a userControl in MVC 4 that has a telerik radeditor. I want to submit the content of the radeditor the the action method but if I user editor.get_html() the code doesn't execute.
the javascript call to the action method is the following:
function Save() {
var editor = $find("<%=radEdit.ClientID%>");
var editorHtmlContent = editor.get_html();
var entityId = document.getElementById('hdEntityId').value;
var url = '<%=Url.Action("SaveNote", "staticController")%>';
$.post(url, { EntityId: entityId, Desc: editorHtmlContent }, function (result) { });
}
any clue?
Posting HTML tags is being considered a security threat (HTML Injection and Cross-site Scripting (XSS)), so it is blocked by default. You have three ways out of this:
If you have strongly typed model class and want to get the actual HTML, you can use AllowHtmlAttribute
:
public class XMLModel { public int EntityId { get; set; } [AllowHtml] public string Desc { get; set; } }
Last option is to disable input validation for entire action, which can be done with ValidateInputAttribute
:
[ValidateInput(false)] [HttpPost] public ActionResult SaveNote(...) { ... }
You should choose the option most suitable for you.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.