Part 76 - ValidateInput attribute in mvc: allowing HTML tags in a text box
2016-11-10 15:41
Setting the ValidateInput attribute to false is all it takes to allow HTML tags to be entered in a text box. For the details, read on:
The ValidateInput attribute is used to enable or disable request validation. By default, request validation is enabled in ASP.NET MVC. Let's understand this with an example.
Step 1: Create an asp.net mvc4 application using Empty template.
Step 2: Add a HomeController. Copy and paste the following code.
    using System.Web.Mvc;

    public class HomeController : Controller
    {
        // GET: renders the comment form
        public ActionResult Index()
        {
            return View();
        }

        // POST: echoes the submitted comment back to the browser
        [HttpPost]
        public string Index(string comments)
        {
            return "Your Comments: " + comments;
        }
    }
Step 3: Add Index.cshtml view. Copy and paste the following code.
    <div style="font-family:Arial">
        @using (Html.BeginForm())
        {
            <b>Comments:</b>
            <br />
            @Html.TextArea("comments")
            <br />
            <br />
            <input type="submit" value="Submit" />
        }
    </div>
Step 4: Navigate to /Home/Index. Type the following text in the "Comments" textbox and click "Submit".
<h1>Hello</h1>
Notice that you get an error: A potentially dangerous Request.Form value was detected from the client (comments="<h1>Hello</h1>"). This is because, by default, request validation is turned on in ASP.NET MVC and does not allow you to submit any HTML, to prevent XSS (cross-site scripting) attacks. We discussed XSS in Part 55 & Part 56 of the ASP.NET MVC tutorial.
However, in some cases, you want the user to be able to submit HTML tags like <b>, <u>, etc. For this to happen, we need to turn off request validation by decorating the action method with the ValidateInput attribute, as shown below.
    [HttpPost]
    [ValidateInput(false)]
    public string Index(string comments)
    {
        return "Your Comments: " + comments;
    }
At this point, you should be able to submit comments with HTML tags in them.