开发者

How can I ignore HttpRequestValidationException and encoded HTML myself during model binding?

问答 作者:

I'm trying to figure out how I can ignore a HttpRequestValidationException begin thrown during model binding.

Here's the deal, I know how to handle HTML being posted and bound to a property that 开发者_Python百科expects HTML (using the AllowHtml attribute) but when a user posts HTML in a field that is not supposed to allow HTML, I want to automatically encode that value during binding to the model.

I've created a custom model binder to catch the HttpRequestValidationException being thrown but whenever I try to get the value from Request.Form, the same exception gets thrown.

Is there an automatic way to do this in MVC3?

Do I need to add AllowHtml to all the properties in the model and then encode it myself in the action?

Can I get access to the HTML being posted to me during model binding without it throwing HttpRequestValidationException every time I request it from Request.Form?

Thanks for any help you can provide.

Edit I don't want to turn off validation on the entire action. That's a little bit drastic if I want to make sure that an exception isnt thrown when someone enters html in a form they shouldn't have.

Same problem occured to me. Even on this older thread i'd like to share the solution. The answer is hard to find but very simple. There's an extension method which allows access of form and querystring unvalidated.

System.Web.Helpers.UnvalidatedRequestValues unvalidatedRequest = System.Web.Helpers.Validation.Unvalidated(Context.Request)
System.Collections.Specialized.NameValueCollection form = unvalidatedRequest.form

No need for requestValidationMode or turning off validation at all. This article led me to the solution.

For me the answer by fan711 is now depricated. Now you should use

public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) 
{ 
    //... code here 
    controllerContext.HttpContext.Request.Unvalidated.Form.GetValues(key); 
    //... code here 
}

Something like:

[HttpPost, ValidateInput(false)]
public ActionResult Edit(FormCollection collection)
{
    // ...
}

See this for more: A potentially dangerous Request.Form value was detected from the client

继续阅读:asp.net-mvc-3model-binding

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9