MVC3 C# Potentially dangerous request error

允我心安 提交于 2019-12-24 00:03:55

问题


I have an MVC3 C#. Web App. One of our properties uses an RTF control for our TextBoxFor controls:

                @Html.TextAreaFor(model => model.SowDescription,
                    (object)new
                    {
                        rows = 7,
                        cols = 65,
                        @class = "celltext2 save-alert attachmentEditor",
                        disabled = "disabled"
                    } 

THe attachmentEditor class uses CkEditor. So there are html tags embedded in the control for Bold, Italics, etc. A user pasted some data into this TextArea and we received this error:

A potentially dangerous Request.Form value was detected from the client (SowDescription="<br />  <br />  <u><..."). ******** 

We use HttpUtility.HtmlDecode in other cases, but the using it in the Html.TextAreFor() helper we get this error:

Templates can be used only with field access, property access, single-dimension array index, or single-parameter custom indexer expressions.

Any ideas how we can Encode/Decode the using the Html.TextAreaFor() helper?


回答1:


Try decorating the SowDescription viewmodel property with the [AllowHtml] attribute.




回答2:


In your model,before SowDescription definition add this

 [AllowHtml]

You need System.Web.Mvc reference for using it




回答3:


Simply write: UI:

CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});

Controller:

model.Body = System.Net.WebUtility.HtmlDecode(model.Body);


来源:https://stackoverflow.com/questions/14489853/mvc3-c-sharp-potentially-dangerous-request-error

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!