HtmlEncode on Post for ASP.Net MVC 3 Html.TextAreaFor

感情败类 2021-02-20 09:14

I have an ASP.Net MVC 3 page in which I have an Html.TextAreaFor control, see code below. If I try to submit the page to the http post action with text in angle brackets like:

2 Answers
  •  既然无缘
    2021-02-20 09:50

    Basically right now, you're encoding the content of the TextAreaFor on the output. This doesn't help you in the slightest since you're trying to deal with input.

    If you want to submit "potentially dangerous" content, you need to either

    1) decorate the RequestText property within your ViewModel with [AllowHtml]. (preferred)

    [AllowHtml]
    public string RequestText { get; set; }
    

    2) disable validateRequest

    
        
        
    
    

    Then you must ensure you're appropriately sanitizing that data and/or encoding it in your controller before submitting it to your Repository Layer or Database.
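
The following is an added example, not code from the answer above or from the original page: it carries option 1 through to the controller, so the property that bypasses request validation is HTML-encoded before it reaches storage. Only `RequestText` and `[AllowHtml]` come from the answer; the view model, repository interface, controller and action names are hypothetical, and a dependency resolver is assumed to supply the repository.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical view model; only RequestText and [AllowHtml] come from the answer.
public class RequestViewModel
{
    // Skips request validation for this one property only; every other
    // posted field is still checked for markup by ASP.NET.
    [AllowHtml]
    public string RequestText { get; set; }
}

// Hypothetical abstraction standing in for the repository layer.
public interface IRequestRepository
{
    void Save(string encodedRequestText);
}

public class RequestController : Controller
{
    private readonly IRequestRepository _repository;

    // Assumes a dependency resolver is configured to provide the repository.
    public RequestController(IRequestRepository repository)
    {
        _repository = repository;
    }

    [HttpPost]
    public ActionResult Create(RequestViewModel model)
    {
        if (!ModelState.IsValid || string.IsNullOrEmpty(model.RequestText))
        {
            return View(model);
        }

        // "<b>hi</b>" becomes "&lt;b&gt;hi&lt;/b&gt;", so it is inert when rendered later.
        string encoded = HttpUtility.HtmlEncode(model.RequestText);
        _repository.Save(encoded);

        return RedirectToAction("Index");
    }
}
```

Because the stored value is already encoded, Razor's `@` would encode it a second time on display; either render it with `Html.Raw`, or store the raw text and encode only at output, but pick one point and encode exactly once.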
