发表新帖

发表新帖

ASP.NET MVC3, Html.TextAreaFor without encoding?

前端未结

关注

 3  1452

走了就别回头了 2021-01-12 17:15

How can I use the Html.TextAreaForwithout encoding it? I know it\'s a security risk but I have a separate class that sanitizes any text.

Example:

@Html.TextA

3条回答

佛祖请我去吃肉 (楼主)

2021-01-12 17:44
As an alternative option you might wanna use ValidateInput as described here. An example in MVC style would be:
```
[ValidateInput(false)]
public ActionResult Method(){
     return View()
}

[ValidateInput(false)]
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Method(){
    // your stuff here
    RedirectToAction("index"); // or something 
}
```
I think that is more the MVC way to go. Now your controller tells you there is a security issue in that controller method. Your view can be any normal view using html helpers etc. Note that this enables all sorts of input, not filtered. It will work with TinyMCE though.

//edit

woops I see you need to add
to webconfig as well in new versions of MVC. Guess it might not be the way to go.
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...

热议问题