问题描述
在我工作的应用程序,我想允许用户上传静态HTML页面替换默认的用户配置MVC视图页面。这可能吗?也就是说,用户上传的html页面将完全耗尽的MVC,并且它可以包括其自己的CSS链接等
In the app I am working on, I want to allow the user to upload static HTML pages to replace the default "user profile" MVC View page. Is this possible? That is, the user uploaded html pages will totally run out of MVC, and it can include its own CSS links, etc.
想法?建议?
推荐答案
显然,.NET MVC框架已经处理静态内容的图像/ CSS / JS等,这也只是延长该事项(路由?)来传递通过直IIS .html文件。这再加上重写,以prettier的URL应该做的伎俩了几许。
Obviously the .net MVC framework handles static content already for images / css / js etc. It would just be a matter of extending that (routing?) to pass .html files through straight to IIS. That coupled with a dash of rewriting to make prettier urls should do the trick.
不过,我会非常,非常谨慎,允许用户生成内容的原始HTML上传的形式为你留下了非常非常宽门开。在最好的情况,你要与人的全面页面垃圾邮件/色情/广告的清盘。在最坏的情况,你会为人们提供上传跨站点脚本黑客网关和潜在的恶意上传的内容损害您的网站。本可以很容易地在您的网站,很难code垃圾的负载到它现有的形式,并从他们的主页exectute它,打破东西一大堆。
However, I would be very, very wary of allowing User Generated Content in the form of raw HTML uploads as you're leaving a very very wide door open. At best, you're going to wind up with people's pages full of spam/porn/adverts. At the worst, you'll be providing a gateway for people to upload cross-site scripting hacks and potentially uploading malicious content to damage your site. The could easily take an existing form on your site, hardcode a load of junk into it, and exectute it from their homepage and break a whole heap of things.
最起码你应该解析上传的内容,以减少它归结为只是一个内容块,然后包裹在自己的等我个人更加倾向于只为用户提供了一个很好的所见即所得的编辑器编辑内容的单块 - 任何编辑器值得它的盐应该为你提供的环境卫生,以它包含/排除哪些元素。这个内容片段/然后在数据库中存储在硬盘上,有一个网页请求经过一个标准的MVC控制器的路线和加载内容。
At the very least you should be parsing the uploaded content to reduce it down to just a block of content, and then wrapping that in your own etc. I would personally be much more inclined to just provide users with a nice WYSIWYG editor to edit a single block of content - any editor worth it's salt should provide you with sanitisation as to what elements it includes / excludes. Then store this content fragment in your database / on disc and have the request for a homepage go through a standard MVC controller route and load up that content.
编辑 - 你请求的例子
您应该能够到忽略规则添加到您的路由 - 将有可能已经是这些已经例子 - 裂纹打开Global.asax文件 - 你会想投入到routes.IgnoreRoute方法的调用:
Edit - for you request for examplesYou should be able to add an Ignore rule to your routing - there will probably already be examples of these already - crack open your Global.asax file - you will want to put in a call to the routes.IgnoreRoute method :
routes.IgnoreRoute("UserPages/{*path}");
应该让IIS办理yourwebsite.com/UserPages/aUser/homepage.html所有的请求 - 你也可以发挥一下多一点与野生卡碎片/为prettier解决方案的限制
Should let IIS handle all requests for yourwebsite.com/UserPages/aUser/homepage.html - you can also play about a bit more with the wild card fragments / constraints for prettier solutions
这篇关于ASP.NET MVC:如何使用静态的HTML页面中的MVC应用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!