本文介绍了如何允许HTML标记在asp.net文本框提交?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
首先,我希望让大家知道,我是用一个aspx引擎不是剃刀引擎。
我有一个表格内的表。我的一个文本框包含像html标签
< / BR>电话:< / BR> 814-888-9999< / BR>电子邮件:< / BR> [email protected]。
当我去构建它它它给了我,说:
错误从客户端检测到有潜在危险的Request.Form值(问题答案=...的IC电话:< BR /> 814-888-9999< BR ...)。
我试图验证请求=假,但没有奏效。
我很抱歉我没加我的html code你看这么远。我拉了一些问题了,我可以编辑它,如果需要的话。
<%@页标题=LANGUAGE =C#的MasterPageFile =〜/查看/共享/的Site.Master继承=System.Web.Mvc.ViewPage<动态>中%GT;
< ASP:内容ID =内容1ContentPlaceHolderID =TitleContent=服务器>
EditFreqQuestionsUser
< / ASP:内容>< ASP:内容ID =内容2ContentPlaceHolderID =日程地址搜索Maincontent=服务器>
<脚本类型=文/ JavaScript的>
$(文件)。就绪(函数(){
$(#freqQuestionsUserUpdateButton)。点击(函数(){
$(#updateFreqQuestionsUser)提交()。
});
});
< / SCRIPT>
< H2>编辑频率问题用户和LT; / H><%!Administrator.AdminProductionServices.FreqQuestionsUser freqQuestionsUser = ViewBag.freqQuestionsUser = NULL? ViewBag.freqQuestionsUser:新Administrator.AdminProductionServices.FreqQuestionsUser(); %GT;
<%列表与LT;字符串> UserRoleList =会话[的UserRole]!= NULL? (列表<串GT;)会议[的UserRole]:新的List<串GT;(); %GT;
<表ID =updateFreqQuestionsUser行动=<%= Url.Action(SaveFreqQuestionsUser,正式版)%>中方法=邮报的onsubmit +>
<表>
&所述; TR>
< TD合并单元格=3级=tableHeader为>频率问题用户详细资料及LT;输入类型=隐藏值=<%= freqQuestionsUser.freqQuestionsUserId%GT; NAME =freqQuestionsUserId/> < / TD>
< / TR>
&所述; TR>
< TD合并单元格=2类=标签>问题描述:LT; / TD>
< TD类=内容>
<输入类型=文本MAXLENGTH =2000NAME =QuestionDescriptionVALUE =<%= freqQuestionsUser.questionDescription%GT; />
< / TD>
< / TR>
&所述; TR>
< TD合并单元格=2类=标签>问题答案:< / TD>
< TD类=内容>
<输入类型=文本MAXLENGTH =2000NAME =问题答案VALUE =<%= freqQuestionsUser.questionAnswer%GT; />
< / TD>
< / TR>
&所述; TR>
< TD合并单元格=3级=tableFooter>
< BR />
<一个ID =freqQuestionsUserUpdateButton的href =#类=regularButton>保存< / A>
< A HREF =JavaScript的:history.back()级=regularButton>取消< / A>
< / TD>
< / TR>
< /表>
< /表及GT;
< / ASP:内容>
解决方案
提交页面之前,你需要HTML EN code中的文本框的值,用window.escape(...)
如果您需要在服务器端的非转义文本,然后使用 HttpUtility.UrlDe code(...)方法。
非常快速的例子:
<%@页面语言=C#AutoEventWireup =真codeBehind =WebForm1.aspx.cs中继承=SO.WebForm1%GT;!< DOCTYPE HTML PUBLIC - // W3C // DTD XHTML 1.0过渡// ENhttp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">< HTML的xmlns =http://www.w3.org/1999/xhtml>
<头=服务器>
<标题>< /标题>
<脚本>
功能makeSafe(){
。的document.getElementById('TextBox1中')值= window.escape(的document.getElementById('TextBox1中')值);
}; 功能makeDangerous(){
。的document.getElementById('TextBox1中')值= window.unescape(的document.getElementById('TextBox1中')值);
}
< / SCRIPT>
< /头>
<身体GT;
<表ID =form1的=服务器的onsubmit =makeSafe();>
< DIV>
< ASP:文本框ID =TextBox1的=服务器的TextMode =多行行=10的ClientIDMode =静态>< / ASP:文本框>
< / DIV>
< ASP:按钮的ID =Button1的=服务器文本=按钮/>
< /表及GT;
<脚本>
makeDangerous();
< / SCRIPT>
< /身体GT;
< / HTML>
请这些变化到code:
<脚本类型=文/ JavaScript的>
$(文件)。就绪(函数(){
makeDangerous();
$(#freqQuestionsUserUpdateButton)。点击(函数(){
makeSafe();
$(#updateFreqQuestionsUser)提交()。
});
}); //添加一个ID属性要验证的输入是最简单的
//更好的办法是使用document.getElementsByTagName和过滤的磁盘阵列命名
//或者使用一个jQuery选择.... 功能makeSafe(){
。的document.getElementById('问题答案')值= window.escape(的document.getElementById('问题答案)值。);
}; //在这种情况下添加HTML返回到一个文本框应该是安全
//你应该很谨慎,虽然,当你使用它作为实际的HTML
//你必须采取措施,以确保HTML是安全的。
功能makeDangerous(){
。的document.getElementById('问题答案')值= window.unescape(的document.getElementById('问题答案)值。);
}
< / SCRIPT>
First, I want to let everyone know that I am using an aspx engine not a Razor engine.
I have a table within a form. One of my textbox contains html tags like
</br>Phone: </br> 814-888-9999 </br> Email: </br> [email protected].
When i go to build it it it gives me an error that says
A potentially dangerous Request.Form value was detected from the client (QuestionAnswer="...ics Phone:<br/>814-888-9999<br...").
I tried the validation request="false" but it did not work.
Im sorry i didn't add my html code for you to look at so far. I am pulling some question up where I can edit it, if need be.
<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<dynamic>" %>
<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
EditFreqQuestionsUser
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
<script type="text/javascript">
$(document).ready(function () {
$("#freqQuestionsUserUpdateButton").click(function () {
$("#updateFreqQuestionsUser").submit();
});
});
</script>
<h2>Edit Freq Questions User </h2>
<%Administrator.AdminProductionServices.FreqQuestionsUser freqQuestionsUser = ViewBag.freqQuestionsUser != null ? ViewBag.freqQuestionsUser : new Administrator.AdminProductionServices.FreqQuestionsUser(); %>
<%List<string> UserRoleList = Session["UserRoles"] != null ? (List<string>)Session["UserRoles"] : new List<string>(); %>
<form id="updateFreqQuestionsUser" action="<%=Url.Action("SaveFreqQuestionsUser","Prod")%>" method="post" onsubmit+>
<table>
<tr>
<td colspan="3" class="tableHeader">Freq Questions User Details <input type ="hidden" value="<%=freqQuestionsUser.freqQuestionsUserId%>" name="freqQuestionsUserId"/> </td>
</tr>
<tr>
<td colspan="2" class="label">Question Description:</td>
<td class="content">
<input type="text" maxlength="2000" name="QuestionDescription" value=" <%=freqQuestionsUser.questionDescription%>" />
</td>
</tr>
<tr>
<td colspan="2" class="label">QuestionAnswer:</td>
<td class="content">
<input type="text" maxlength="2000" name="QuestionAnswer" value="<%=freqQuestionsUser.questionAnswer%>" />
</td>
</tr>
<tr>
<td colspan="3" class="tableFooter">
<br />
<a id="freqQuestionsUserUpdateButton" href="#" class="regularButton">Save</a>
<a href="javascript:history.back()" class="regularButton">Cancel</a>
</td>
</tr>
</table>
</form>
</asp:Content>
解决方案
before the page is submitted you need to html encode the textbox's value, with window.escape(...)
If you need the un-escaped text on the server side then use HttpUtility.UrlDecode(...) method.
very quick sample:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="SO.WebForm1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<script>
function makeSafe() {
document.getElementById('TextBox1').value = window.escape(document.getElementById('TextBox1').value);
};
function makeDangerous() {
document.getElementById('TextBox1').value = window.unescape(document.getElementById('TextBox1').value);
}
</script>
</head>
<body>
<form id="form1" runat="server" onsubmit="makeSafe();">
<div>
<asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Rows="10" ClientIDMode="Static"></asp:TextBox>
</div>
<asp:Button ID="Button1" runat="server" Text="Button" />
</form>
<script>
makeDangerous();
</script>
</body>
</html>
Make these changes to your code:
<script type="text/javascript">
$(document).ready(function () {
makeDangerous();
$("#freqQuestionsUserUpdateButton").click(function () {
makeSafe();
$("#updateFreqQuestionsUser").submit();
});
});
// Adding an ID attribute to the inputs you want to validate is simplest
// Better would be to use document.getElementsByTagName and filter the array on NAME
// or use a JQUERY select....
function makeSafe() {
document.getElementById('QuestionAnswer').value = window.escape(document.getElementById('QuestionAnswer').value);
};
// In this case adding the HTML back to a textbox should be 'safe'
// You should be very wary though when you use it as actual HTML
// You MUST take steps to ensure the HTML is safe.
function makeDangerous() {
document.getElementById('QuestionAnswer').value = window.unescape(document.getElementById('QuestionAnswer').value);
}
</script>
这篇关于如何允许HTML标记在asp.net文本框提交?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!