首页 > 代码库 > 从客户端检测到有潜在危险的Request.Form值

从客户端检测到有潜在危险的Request.Form值

1.带有html标记内容提交(使用web编辑器)

js:

    <script type="text/javascript">
        //简单模式
        var editor;
        KindEditor.ready(function (K) {
            editor = K.create(‘textarea[name="Content"]‘, {
                resizeType: 1,
                allowPreviewEmoticons: false,
                allowImageUpload: false,
                items: [
                        ‘fontname‘, ‘fontsize‘, ‘|‘, ‘forecolor‘, ‘hilitecolor‘, ‘bold‘, ‘italic‘, ‘underline‘,
                        ‘removeformat‘, ‘|‘, ‘justifyleft‘, ‘justifycenter‘, ‘justifyright‘, ‘insertorderedlist‘,
                        ‘insertunorderedlist‘, ‘|‘, ‘emoticons‘, ‘image‘, ‘link‘
                ]
            });
        });
    </script>

cshtml:

        @using (Html.BeginForm("Add"))
        {
            <table border="0" width="100%">
                <tr>
                    <td>标题:
                    </td>
                    <td>
                        <input type="text" name="Title" />
                    </td>
                </tr>
                <tr>
                    <td>内容:
                    </td>
                    <td>
                        <textarea name="Content" cols="30" rows="10"></textarea>
                    </td>
                </tr>
            </table>
            <input type="submit" value="保存内容" />
        }

        @if (ViewBag.Success == 1)
        {
            @:<script> alert("添加成功"); </script> 
        }

C#:

解决方案1:

        //新增文章内容
        [ValidateInput(false)]
        public ActionResult Add(string Title = "", string Content = "")
        {
            if (Title.Length > 0)
            {
                AddArticle(Title, Content);
            }
            return View();
        }

解决方案2:(失败)

        //新增文章2
        public ActionResult AddTwo(string Title = "", string Content = "")
        {
            this.ValidateRequest = false;//此处禁用请求验证不起作用
            if (Title.Length > 0)
            {
                AddArticle(Title, Content);
            }
            return View();
        }