问题
I would like to intercept the "<" character in the form field by a regex validator. I will describe the problem in 3 steps:
Step 1: When I try to submit a form with a field containing the "<" character, I get the "Potentially dangerous request..." - as expected in ASP.NET.
Step 2: To avoid ASP.NET's RequestValidation, I decorate my Update method in the controller with "[ValidateInput(false)]".
It works as expected - now I can post "<" character without error.
Step 3: I use xVal with DataAnnotations. For example, [Required] or [StringLength(255)] works as expected.
BUT when I use: [RegularExpression("^[^<>]*$", ErrorMessage = "Special characters are not allowed.")], I get the "Potentially dangeros request..." error again, despite the [ValidateInput(false)] directive.
What's happening? Is there a simpler way for regex validaton, but with [ValidateInput(false)] in place? Of course, I'd like to have my validation code in the model, not in the controller.
回答1:
No, it was an issue in MVC 1 + xVal. In MVC 2 the validation works as supposed (and there's no need for xVal anymore) – Alex42
Looks like the bot keeps on pushing this one to the top still. Could you mark an answer as accepted so that it knows?
回答2:
I'm using xVal & nhibernate.validator and i tried to reproduce this behavior but because the validator is tied into the client side I couldn't get a value of past the client side validation. when i disabled javascript, it got to the server side validation, and was caught by the regular expression validator.
I tried the same thing with using the data annotations validation attributes and model binder and it made it past as well.
there must be something else going on that is causing the error. Sorry I couldn't be more helpful!
回答3:
Try validating using a simple rule with this method. This can at least eliminate xVal from the equation. If the problem persists then i'd suggest it's related to either:
- the implementation of MVC's default Model Binder
- or there is a problem with the MVC view engine in the release your using that's somehow allowing an exception to be made for the attribute you specified by validating the
<when it shoudn't be
回答4:
if it just a field, you could just write a routine to look for a character '< or >' and remove it. you can achieve this by by making use of substring. hope this this helps
- use For loop to length of text to be tested (for (int i=1, i <= text.length, ++))
- verify each character begining 1 (e.g ch = text.substring(i,1)
- add each read character to tmp string except '< or >'
回答5:
I suppose the static method Escape() would solve this for you.
Regex r = new Regex(Regex.Escape(expression));
回答6:
Put this line in web.config
<httpRuntime requestValidationMode="2.0" />
This is change in ASPNET 4.0
来源:https://stackoverflow.com/questions/1038102/asp-net-mvc-validateinputfalse-stops-working-with-xval-and-regularexpression