Giving error while saving the text with tag

一个人想着一个人 posted on 2020-01-16 14:47:30

Question


I am developing an MVC application using EF 4.0.

I am trying to put the value <test> in the address field, but while saving it gives the error below. How do I solve it?

A potentially dangerous Request.Form value was detected from the client (Address="<test>").

Edit

Please check below code

using System.ComponentModel.DataAnnotations;

namespace CEntities
{
    [MetadataType(typeof(EmployeeMetaData))]
    public partial class Employee
    {
    }

    /// <summary>
    /// Holds the validations for Employee class
    /// </summary>
    public class EmployeeMetaData
    {
        [Key]
        public int Id { get; set; }

        [Required]
        [StringLength(50, ErrorMessage = "First name can accept maximum 50 characters.")]
        public string FirstName { get; set; }

        [StringLength(50, ErrorMessage = "Last name can accept maximum 50 characters.")]
        public string LastName { get; set; }

        [StringLength(1000, ErrorMessage = "Address can accept maximum 1000 characters.")]
        public string Address { get; set; }
    }
}

Answer 1:


Please check below code

namespace CEntities
{
    [MetadataType(typeof(EmployeeMetaData))]
    public partial class Employee
    {
    }

    /// <summary>
    /// Holds the validations for Employee class
    /// </summary>
    public class EmployeeMetaData
    {
        [Key]
        public int Id { get; set; }

        [Required]
        [StringLength(50, ErrorMessage = "First name can accept maximum 50 characters.")]
        public string FirstName { get; set; }

        [StringLength(50, ErrorMessage = "Last name can accept maximum 50 characters.")]
        public string LastName { get; set; }

        [StringLength(1000, ErrorMessage = "Address can accept maximum 1000 characters.")]
        public string Address { get; set; }
    }
}




Answer 2:


You can use ValidateInput(false) to turn off Request Validation, or you can add the [AllowHtml] attribute to your model property.

Edited:

Add the [AllowHtml] attribute on the Address model property.

[StringLength(1000, ErrorMessage = "Address can accept maximum 1000 characters.")]
[AllowHtml]
public string Address { get; set; }

and add the using System.Web.Mvc; directive at the top.

Are you using Assembly System.Web.Mvc.dll, version 4 or version 2?

The [AllowHtml] attribute is in Assembly System.Web.Mvc.dll, version 4. Check your assembly version to apply this.




Answer 3:


@YograjGupta gave you a good answer; I'm not sure why [AllowHtml] is not working. Another option is in the controller, where you save the EmployeeMetaData to the database: you can add db.Configuration.ValidateOnSaveEnabled = false; before you save changes. You will also have to remove the if(ModelState.IsValid) part.

Another option would be to replace the < and > with employeeMetaData.Address.Replace("<", "&lt;").Replace(">", "&gt;")

Keep in mind that if you use the [AllowHtml] attribute, it makes you more vulnerable to hacking, so you may want to remove it before your final release. Or you can add Microsoft.Security.Application and do something like Sanitizer.GetSafeHtmlFragment(address) to remove unsafe HTML.

Edit

Your controller should look something like this:

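public ActionResult Create(Employee employee)
{
    // Address is optional in the metadata, so guard against null before encoding.
    if (employee.Address != null)
    {
        employee.Address = employee.Address.Replace("<", "&lt;").Replace(">", "&gt;");
    }
    if (ModelState.IsValid)
    {
        db.Employees.Add(employee);
        db.SaveChanges();
        return RedirectToAction("Index");
    }
    // Validation failed: redisplay the form so every code path returns a result.
    return View(employee);
}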

Or you could try this:

public ActionResult Create(Employee employee)
{
    db.Configuration.ValidateOnSaveEnabled = false;
    db.Employees.Add(employee);
    db.SaveChanges();
    return RedirectToAction("Index");
}

db is your database and Employee is the Employee table in your database.
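
An added example, not part of the original answers or of any library mentioned in them: a small console program that compares the Replace call from Answer 3 with full HTML encoding via System.Net.WebUtility, and shows why encoding at output is preferable to rewriting the value before it is saved. The class name, method names and sample strings are constructed for illustration.

```csharp
using System;
using System.Net;

// Added example (not from the thread). Names and sample values are constructed.
public static class AddressEncodingDemo
{
    // The approach from Answer 3: only '<' and '>' are rewritten.
    public static string ReplaceAngleBrackets(string value)
    {
        return value == null
            ? null
            : value.Replace("<", "&lt;").Replace(">", "&gt;");
    }

    // Full HTML encoding: also covers '&', '"' and '\''.
    public static string EncodeForHtml(string value)
    {
        return WebUtility.HtmlEncode(value);
    }

    public static void Main()
    {
        // Constructed address containing every HTML-significant character.
        string address = "Flat \"B\" <rear>, Smith & Sons, O'Neil Road";
        Console.WriteLine("raw      : " + address);
        Console.WriteLine("replace  : " + ReplaceAngleBrackets(address));
        Console.WriteLine("encoded  : " + EncodeForHtml(address));

        // Replacing before saving is lossy: two different inputs end up as
        // the same stored value, so the original text cannot be recovered.
        string typedBracket = "floor < 3";
        string typedEntity = "floor &lt; 3";
        Console.WriteLine("replace collides : " +
            (ReplaceAngleBrackets(typedBracket) == ReplaceAngleBrackets(typedEntity)));
        Console.WriteLine("encode collides  : " +
            (EncodeForHtml(typedBracket) == EncodeForHtml(typedEntity)));

        // Full encoding round-trips, so the raw value can be stored as-is
        // and encoded only at the point where it is written into HTML.
        Console.WriteLine("round trip ok    : " +
            (WebUtility.HtmlDecode(EncodeForHtml(address)) == address));
    }
}
```

In a Razor view, @Model.Address is HTML-encoded on output by default; whether this application uses Razor views is an assumption.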



Source: https://stackoverflow.com/questions/12153135/giving-error-while-saving-the-text-with-tag
