我有课
public class TemplateViewModel
{
[AllowHtml]
public string Template { get; set; }
[AllowHtml]
public Dictionary<string, string> LocalizedContents { get; set; }
}
当我为模板输入html代码时,就可以了。当我输入LocalizedContents的html代码时,它会提示错误
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (LocalizedContents[en-us]="...ate:
FB: <a href="www.faceboo...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
at System.Web.HttpValueCollection.GetValues(String name)
at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture)
at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.CreateEntryForModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Type valueType, IModelBinder valueBinder, String modelName, Object modelKey)
at System.Web.Mvc.DefaultModelBinder.UpdateDictionary(ControllerContext controllerContext, ModelBindingContext bindingContext, Type keyType, Type valueType)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder)
at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor)
at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)
[用于词典的[AllowHtml]的解决方案?
我不喜欢使用[ValidateInput(false)],因为它会带来安全隐患
我也不想在我的Web配置中包含<httpRuntime requestValidationMode="2.0" />
实现此目的的另一种方法是为数据类型创建一个类,并为该类的属性分配[AllowHtml]。
public class LocalizedContents
{
[AllowHtml]
public string Key { get; set; }
[AllowHtml]
public string Value { get; set; }
}
然后将类作为LocalizedContents属性的数据类型
public class TemplateViewModel
{
public string Template { get; set; }
public List<LocalizedContents> LocalizedContents { get; set; }
}