I am calling a controller function from Ajax in my view
$.ajax({
type: "POST",
url: "@Url.Action("GetSelectedItemsForRoleId","User")",
data: { optionLabel: '@CommonResource.DropdownNoValueText', optionValue: null, selectedValue: null, filterValue: 0 },
success: function (result) {
alert('success');
var departmentDropdown = $('#RoleId').data("DropDownList");
departmentDropdown.setDataSource(result);
},
error: function(XMLHttpRequest, textStatus, errorThrown)
{
alert('XMLHttpRequest ' + XMLHttpRequest);
alert('textStatus ' + textStatus);
alert('errorThrown ' + errorThrown);
//some stuff on failure
},
dataType: "json",
traditional: true,
async: false
});
CommonResource.DropdownNoValueText is -Välj-
I get the following error in failure block :
potentially dangerous request.form value was detected from the client
My controller signature looks like this:
public ActionResult GetSelectedItemsForRoleId(string optionLabel, string optionValue, string selectedValue, int filterValue)
I tried to put ValidateInput
annotation above this function and set it to false.
After doing that the string appears as -Välj-
.
What is the cause of this and how can I derive the original text ie -Välj-
?
Update :
I have further tried with two things:
@CommonResource.DropdownNoValueText
directly with -Välj-
. Now I don't get any error.(But this isn't the correct solution as this won't resolve the lingustic feature).DropdownNoValueText
in CommonResource
with something else like eee which also does not give error.(But even this isn't the solution).I had the similar problem with both Swedish and Spanish characters. We used method HttpUtility.JavaScriptStringEncode
which encoded characters from strings and caused ampersand followed by hash symbol (like in your example):
puntuación
Solution was to change default encoder used by classes HtmlUtility
to not use default encoder ( HtmlEncoder
) but rather AntiXssEncoder
which seems to be doing a better job since it doesn't try to encode characters such as special Swedish or Spanish characters so no error is thrown.
I guess AntiXssEncoder
encoder understands these characters are harmless and doesn't try to encode them. This change is in config file and probably has global effect:
<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder"/>
Just to add some information about root cause of situation - unsuccessful attempt of resolving this issue was to use HttpUtility.HtmlEncode
which changed string to :
puntuaci&#243;n
so that &
was used instead of &
which resolved problem but caused other unwanted side-effects.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.