c# - "potentially dangerous Request.Form value" -

-

I'm getting the error

A potentially dangerous request. The form value was detected by the client

When I apply my application (error does not occur when I run through a local host).

This happens when submitting a form, because one of the fields is HTML. I've added the model around the [AllowHtml] property to a model that matches the offensive field, but it does not seem to work.

For the obvious reasons, Do not want to use [ValidateInput (false)], and at any rate that does not seem to work.

Is there any other configuration what should I do? I have read that 

  & lt; HttpRuntime requestValidationMode = "2.0" /> The web config file can fix it, but I do not want to add it again because I still need secure verification for other parts of my app.  
 Any thoughts?   
 
 
   [AllowHtml]  need to be added  & Lt; HttpRuntime requestValidationMode = "2.0" />  (Setting this value does not mean that you can not get secure verification, it's just a verification mode). Other parts of the site will be protected, you are disabling verification for only specific assets on your visual model   
  [Valid input (wrong)]  work But as you said it may be less secure because it disables verification for all properties  
 I have  [AllowHtml]  [AllowHtml]  .   
 I will be with both  and  [valid input (wrong)]  without the need to work out of the box in ASP.NET MVC 3  & Lt; HttpRuntime requestValidationMode = "2.0" />  Web.config was running under ASP.NET 4.0 in ASP.NET MVC2.  
 Here's an example:  
 See model:  
  Public class MyViewModel {[AllowHtml} public string text {get; Set; Controller: Public class HomeController: Controller {public performance index} {var model = new MyViewModel {text = "& lt; html / & gt;"}; See Return (Model); } [HTPOST] Public Action Result Index (MyView Model Model) {Return View (Model); }}   
 View:  
  @model MyViewModel @using (Html.BeginForm ()) {@ Html.TextAreaFor (x => x. Text) & lt; Input type = "submit" value = "ok" /> }   
 When the form is submitted, no exception is thrown.

Comments

Post a Comment

Popular posts from this blog

mysql - BLOB/TEXT column 'value' used in key specification without a key length -

-
I have developed an extension which works up to 1.6 on Magren (I'm trying Enterprise Edition, And I think the community is the same problem, because it is the same code). In my install script, I see the $ installer-> gt; CreateEntityTables ($ this- & gt; getTable ('alphanum / info')); The installation is done until it is not in the _text unit table. It crashed there! It turns out that when I log in to SQL and run it via PHPmyadmin, then this error is: Blob / Text column 'value' is used without the key 'key' . I saw the code there, and this is what is trying to create an index on the value column: -> addIndex ($ this- & gt; getIdxName ($ eavTableName, array ( 'attribute_id array (' attribute_id ',' value ')) - & gt; addIndex ($ this- & gt; getIdxName ($ eavTableName, array (' entity_type_id ' , 'Value')), array ('entity_type_id', 'value')) If there is no if statement is n...
Read more

c# - Using Vici cool Storage with monodroid -

-
Oh, for the moment I am not sure how it is officially supported, but for the success of the people Using Monodroid Vic Cool Storage I am able to leave and compile assemblies in my project, but while trying to use some classes, the errors of time have to be gathered. Especially when trying to connect like the example for Mono Touch string dbName = path. Cobain (environment. Gatefolder path (environment specialfolder personal), "mydb.db3"); // The following line will be called coolestation, where is the database, // to make it if it does not exist, and call a delegate that creates the necessary tables (only when the database file was newly created //) CSConfig.SetDB (DbName, true, () => {CSDatabase.ExecuteNonQuery ("Subscriber Integer Primary Key Attribute, Name Text (50) No, Number, Date First Text (30)");); There is no difference when I try to use the methods of CSConfig and when I cscfif If I try to pass 3 aggregates to STDB (3) then I get the invalid ...
Read more

python - referencing a variable in another function? -

-
I am an experienced TCL developer and write my own processes to help myself. I call it a proc i callVar, print out the value of the variable in a certain format, so I know that it is variable and what is the value "set foo 1; putVar foo" result 'foo = "1" I want to do the same thing in Python, but I can not find the answer :( In TCL I use the up command because when I pass the name of the variable, then I can see the value at the top. . I understand that an advanced light in the dragon There is no mechanism of r, but with its introspection capability, I would think that this is something trivial, but I am not getting the answer anywhere. It seems that this should work: and expanded: def foo (): y = "Hello World" printwor ("y") foo () y = "Hello World " You can, but you should not do so if your code is correct If is needed , then there is something wrong with your design, and you should probably use the dictionar...
Read more