我无法关闭ASP的请求验证。净MVC控制器

时间:2022-12-04 20:00:41

I am trying to turn off Request Validation for all action methods in a controller by doing this:

我试图通过这样做来关闭控制器中所有操作方法的请求验证:

[ValidateInput(false)]
public class MyController : Controller
{
    ...

The reference I am using says this is possible and tells me to do it this way, but for some reason it's not working.

我使用的参考资料说,这是可能的,并告诉我这样做,但出于某种原因它不起作用。

If I submit any html (even a simple <b> tag) through a text box, I get the error:

如果我通过文本框提交任何html(甚至是一个简单的标签),我将得到错误:

A potentially dangerous Request.Form value was detected from the client (text=<b>").

一个有潜在危险的请求。从客户端检测到表单值(text=)。

It's also not working by attaching the attribute to an individual method.

它也不能将属性附加到单个方法。

How can I disable Request Validation for a controller?

如何禁用控制器的请求验证?

EDIT

I am working in VS2008 built in test server.

我在VS2008中构建测试服务器。

4 个解决方案

#1

14  

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

我在我的机器上,在类定义和操作方法上测试了它,它在这两种情况下都适用。你确定你的视图与你的方法/控制器对齐吗?你是把属性放在GET方法还是POST方法?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

#2

12  

To make it working you need to modify web.config as well:

要使其工作,您需要修改web。配置:

<system.web>
    <httpRuntime requestValidationMode="2.0"/>
    ...
</system.web>

#3

2  

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

箴ASP。NET MVC框架(p466)说,以下内容应该是有用的:

public class MyController : Controller 
{
     public MyController() {
        ValidateRequest = false;
     }
}

#4

0  

Can you post your controller file and your view file.

你能发布你的控制器文件和你的视图文件吗?

This works;

这个作品;

MytestController--------------------------------

MytestController - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;

namespace testapp.Controllers
{
    [ValidateInput(false)]
    public class MyTestController : Controller
    {

        public ActionResult Index()
        {
            return View();
        }

    }
}

MyTest(Index)-------------------------------------------------------

MyTest(指数)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Index</title>
</head>
<body>
 <% using (Html.BeginForm()) { %>
 <%= Html.TextBox("test")%>
 <button type="submit"  >Submit</button>
 <%} %>
</body>
</html>

#1

14  

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

我在我的机器上,在类定义和操作方法上测试了它,它在这两种情况下都适用。你确定你的视图与你的方法/控制器对齐吗?你是把属性放在GET方法还是POST方法?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

#2

12  

To make it working you need to modify web.config as well:

要使其工作,您需要修改web。配置:

<system.web>
    <httpRuntime requestValidationMode="2.0"/>
    ...
</system.web>

#3

2  

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

箴ASP。NET MVC框架(p466)说,以下内容应该是有用的:

public class MyController : Controller 
{
     public MyController() {
        ValidateRequest = false;
     }
}

#4

0  

Can you post your controller file and your view file.

你能发布你的控制器文件和你的视图文件吗?

This works;

这个作品;

MytestController--------------------------------

MytestController - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;

namespace testapp.Controllers
{
    [ValidateInput(false)]
    public class MyTestController : Controller
    {

        public ActionResult Index()
        {
            return View();
        }

    }
}

MyTest(Index)-------------------------------------------------------

MyTest(指数)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Index</title>
</head>
<body>
 <% using (Html.BeginForm()) { %>
 <%= Html.TextBox("test")%>
 <button type="submit"  >Submit</button>
 <%} %>
</body>
</html>
标签:

相关文章