Has request validation changed for ASP.NET MVC 2, more precisely, not validating?
ASP.NET MVC 2的请求验证是否已更改,更确切地说,未验证?
I did the following:
我做了以下事情:
Web.configs (in App directory and Views directory)
Web.configs(在App目录和Views目录中)
<pages
validateRequest="false"
Controller/Action Attribute
控制器/动作属性
[ValidateInput(false)]
In @Page View Directive
在@Page View Directive中
ValidateRequest="false"
The page still gets validated an exception is thrown when HTML content is posted.
页面仍然有效,发布HTML内容时会引发异常。
UPDATE
UPDATE
Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this
创建了一个新的ASP.NET MVC 2应用程序,我修改了Home Controller的索引
[ValidateInput(false)]
public ActionResult Index(string InputText)
{
ViewData["Message"] = "Welcome to ASP.NET MVC!";
return View();
}
and my View Page
和我的视图页面
<% using(Html.BeginForm()){ %>
<%= Html.TextBox("InputText") %>
<input type="submit" />
<% } %>
And still the same issue, an exception is thrown.
仍然是同一个问题,抛出异常。
2 个解决方案
#1
31
I should read the error more carefully next time:
我应该在下次更仔细地阅读错误:
To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"
要允许页面覆盖应用程序请求验证设置,请在配置部分中设置requestValidationMode =“2.0”。设置此值后,您可以通过设置validateRequest =“false”来禁用请求验证
I put this in the application's web.config
我把它放在应用程序的web.config中
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>
and it worked.
它工作。
Update:
更新:
I was running ASP.NET 4 thats why :P
我运行ASP.NET 4就是为什么:P
#2
2
Insert obligatory warning about XSS here.
在此插入关于XSS的强制警告。
That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC
您使用ValidateInputAttribute修饰控制器(或操作)应该足够了,因为所有验证都是在ASP.NET MVC中的此控制器级别完成的
I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.
我刚刚在一个动作上尝试了这个,当我输出它时它会返回一个漂亮的,邪恶的警报(),所以我冒昧地猜测这里还有其他东西。
Do you have an HandleErrorAttribute set up anywhere?
你在任何地方都设置了HandleErrorAttribute吗?
#1
31
I should read the error more carefully next time:
我应该在下次更仔细地阅读错误:
To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"
要允许页面覆盖应用程序请求验证设置,请在配置部分中设置requestValidationMode =“2.0”。设置此值后,您可以通过设置validateRequest =“false”来禁用请求验证
I put this in the application's web.config
我把它放在应用程序的web.config中
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>
and it worked.
它工作。
Update:
更新:
I was running ASP.NET 4 thats why :P
我运行ASP.NET 4就是为什么:P
#2
2
Insert obligatory warning about XSS here.
在此插入关于XSS的强制警告。
That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC
您使用ValidateInputAttribute修饰控制器(或操作)应该足够了,因为所有验证都是在ASP.NET MVC中的此控制器级别完成的
I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.
我刚刚在一个动作上尝试了这个,当我输出它时它会返回一个漂亮的,邪恶的警报(),所以我冒昧地猜测这里还有其他东西。
Do you have an HandleErrorAttribute set up anywhere?
你在任何地方都设置了HandleErrorAttribute吗?