MVC3 C# Potentially dangerous request error

问题:

I have an MVC3 C#. Web App. One of our properties uses an RTF control for our TextBoxFor controls:

                @Html.TextAreaFor(model => model.SowDescription,                     (object)new                     {                         rows = 7,                         cols = 65,                         @class = "celltext2 save-alert attachmentEditor",                         disabled = "disabled"                     }  

THe attachmentEditor class uses CkEditor. So there are html tags embedded in the control for Bold, Italics, etc. A user pasted some data into this TextArea and we received this error:

A potentially dangerous Request.Form value was detected from the client (SowDescription="<br />  <br />  <u><..."). ********  

We use HttpUtility.HtmlDecode in other cases, but the using it in the Html.TextAreFor() helper we get this error:

Templates can be used only with field access, property access, single-dimension array index, or single-parameter custom indexer expressions. 

Any ideas how we can Encode/Decode the using the Html.TextAreaFor() helper?

回答1:

Try decorating the SowDescription viewmodel property with the [AllowHtml] attribute.

回答2:

In your model,before SowDescription definition add this

 [AllowHtml] 

You need System.Web.Mvc reference for using it

回答3:

Simply write: UI:

CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true}); 

Controller:

model.Body = System.Net.WebUtility.HtmlDecode(model.Body); 

文章来源: MVC3 C# Potentially dangerous request error