错误消息“;一个潜在危险的请求.形式值”;

本文关键字:请求 危险 一个 消息 错误 | 更新日期: 2023-09-27 18:26:14

我添加了TinyMCE编辑器来添加HTML格式的描述,但当我用HTML写东西并单击Add Product时,会出现以下错误:

从客户端检测到潜在危险的Request.Form值(描述="

我试过:

  1. AllowHtml<=不工作

  2. [HttpPost, ValidateInput(true, Exclude = "Description")]并获取此错误

System.Web.Mvc.ValideInputAttribute"不包含排除的定义

  1. web.config中的<httpRuntime requestValidationMode="2.0">并获取此错误

HTTP错误500.19-内部服务器错误无法访问请求的页面,因为该页面的相关配置数据无效。

产品.cs

public partial class Product {
     public int productID {get; set;}
     [Required]
     public int Name {get; set;}
     [AllowHtml]
     public string Description {get; set;}
     public string ImagePath {get;set}
}

添加产品视图

@using (Html.BeginForm("AddProduct", "Store", FormMethod.Post, new { enctype = "multipart/form-data",   @class = "form-horizontal", role = "form" }))
{
@Html.AntiForgeryToken()
<h4>Create a new product.</h4>
<hr />
@Html.ValidationSummary(true)
@ViewBag.SizeMsg
<div class="form-group">
    @Html.LabelFor(m => m.Name, new { @class = "col-md-2 control-label"})
    <div class="col-md-10">
        @Html.TextBoxFor(m => m.Name, new { @class = "form-control" })
        @Html.ValidationMessageFor(m=>m.Name)
    </div>
</div>
<div class="form-group">
    @Html.LabelFor(m => m.Description, new { @class = "col-md-2 control-label" })
    <div class="col-md-10">
        @Html.TextAreaFor(m => m.Description, new { @class = "form-control" })
    </div>
</div>
<div class="form-group">
    @Html.LabelFor(m => m.ImagePath, new { @class = "col-md-2 control-label" })
    <div class="col-md-10">
        <input type="file" name="file" id="file" style="width: 100%;" />
    </div>
</div>
<div class="form-group">
    <div class="col-md-offset-2 col-md-10">
        <input type="submit" class="btn btn-default" value="Add Product" />
    </div>
</div>
}

控制器

[HttpPost]
public ActionResult AddProduct(HttpPostedFileBase file)
{
   if (file != null)
   {
      var allowedExtensions = new[] { ".jpg", ".png", ".jpeg", ".gif", ".JPG", ".PNG", ".JPEG" };
      if (allowedExtensions.Contains(extension))
      {
        string ImagePath = System.IO.Path.GetFileName(file.FileName);
        string physicalPath = Server.MapPath("~/ProductImages/" + ImagePath);
        file.SaveAs(physicalPath);
        Product newRecord = new Product();
        newRecord.Name = Request.Form["Name"];
        newRecord.Description = Request.Form["Description"];
        newRecord.ImagePath = ImagePath;
        db.Products.Add(newRecord);
        db.SaveChanges();
        return RedirectToAction("Index", "Home");
      }
      else
      {
        ViewBag.SizeMsg = "File not supported.";
        return View();
       }
   }
   return View();
 }

错误消息“;一个潜在危险的请求.形式值”;

将其添加到您的配置中

<httpRuntime requestValidationMode="2.0"/>
<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>

添加添加这个也

[Post, ValidateInput(false)]
public ActionResult Operation(string Parameter) {
    ...
}

我也遇到过类似的问题,这是我运行的配置:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>
相关文章: