asp.net-mvc-4 - MVC4 AllowHtml 不适用于字典
问题描述
我有一堂课
public class TemplateViewModel
{
[AllowHtml]
public string Template { get; set; }
[AllowHtml]
public Dictionary<string, string> LocalizedContents { get; set; }
}
当我为模板输入 html 代码时,没问题。当我为 LocalizedContents 输入 html 代码时,它会提示错误
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (LocalizedContents[en-us]="...ate:
FB: <a href="www.faceboo...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
at System.Web.HttpValueCollection.GetValues(String name)
at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture)
at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.CreateEntryForModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Type valueType, IModelBinder valueBinder, String modelName, Object modelKey)
at System.Web.Mvc.DefaultModelBinder.UpdateDictionary(ControllerContext controllerContext, ModelBindingContext bindingContext, Type keyType, Type valueType)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder)
at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor)
at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)
[AllowHtml] 用于字典的任何解决方案?
我不喜欢使用,[ValidateInput(false)]因为它会有安全问题
我也不想包含<httpRuntime requestValidationMode="2.0" />在我的网络配置中
解决方案
实现此目的的另一种方法是为数据类型创建一个类并为该类的属性分配 [AllowHtml]。
public class LocalizedContents
{
[AllowHtml]
public string Key { get; set; }
[AllowHtml]
public string Value { get; set; }
}
然后将类作为 LocalizedContents 属性的数据类型
public class TemplateViewModel
{
public string Template { get; set; }
public List<LocalizedContents> LocalizedContents { get; set; }
}
推荐阅读
- woocommerce - Woocommerce 优惠券自动应用于购物车和结帐页面
- spring - 将 localDateTime 字符串正确解析为 Spring Boot @pathVariable
- user-interface - Flutter 只是用于 UI 开发吗?
- python - 对适配器模式的理解
- python - 类属性内的Python类属性
- reactjs - React-redux componentDidUpdate() 不起作用
- encryption - 为什么 id_rsa 和 id_rsa.pub 文件的内容是字母?
- python - 列的所有值在子设置时转换为 NaN
- python - 递增快捷方式
- regex - 从 sed 手工制作匹配示例