Linq Edit ListView
I'm trying to edit a field using code instead of the wizard. I'm not entirely sure if the code I have is correct to update the field. Here is the code I have to edit the field:
Protected Sub ListView1_ItemEditing(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewEditEventArgs) Handles ListView1.ItemEditing
    ListView1.EditIndex = e.NewEditIndex
    ListView1.DataBind()
End Sub

Protected Sub ListView1_ItemUpdating(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewUpdateEventArgs) Handles ListView1.ItemUpdating
    Dim profile = Request.QueryString("Profile")
    Dim postid As Label = DirectCast(ListView1.EditItem.FindControl("postId"), Label)
    Dim textbox As TextBox = DirectCast(ListView1.EditItem.FindControl("EditPostTxt"), TextBox)
    Dim getComment = (From p In db.Posts Where p.PostId = New Guid(postid.Text)).Single
    getComment.Post = cc.reverseExchangeSmilies(textbox.Text)
    db.SubmitChanges()
    ListView1.EditIndex = -1
    cc.LoadComments(profile, ListView1)
End Sub
Whenever I try to either update or cancel the post, because the post contains HTML, I get the following error:
A potentially dangerous Request.Form value was detected from the client
I was wondering if, before it updated the post, it could use reverseExchangeSmilies to turn them back into smilies instead of their HTML, or maybe allow HTML to be used at this point.
aspx page:
<asp:ListView ID="ListView1" runat="server">
<ItemTemplate>
<div id="header">
<asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br />
</div>
<div id="leftcolumn">
<asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div>
<div id="content">
<asp:Label ID="Label4" runat="server" Text='<%#Eval("Post") %>'></asp:Label><br />
</div>
<div id="footer">
<%# Eval("Date")%><br />
<asp:linkbutton id="linkbutton1" runat="server" CommandName="del" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Delete" onclientclick="return confirm('Are you sure?');" />
<asp:linkbutton id="linkbutton2" runat="server" CommandName="Edit" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Edit" />
</div>
<br />
</ItemTemplate>
<EditItemTemplate>
<div id="header">
<asp:Label ID="postId" runat="server" Text='<%#Eval("PostId") %>'></asp:Label>
<asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br />
</div>
<div id="leftcolumn">
<asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div>
<div id="content">
<asp:TextBox ID="EditPostTxt" runat="server" Text='<%#Eval("Post") %>' Width="100%" TextMode="MultiLine"></asp:TextBox>
</div>
<div id="footer">
<%# Eval("Date")%><br />
<asp:linkbutton id="SaveEditBut" runat="server" CommandName="Update" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Update" />
<asp:linkbutton id="Linkbutton3" runat="server" CommandName="Cancel" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Cancel" />
</div>
<br />
</EditItemTemplate>
</asp:ListView>
Thanks in advance.
The framework is preventing you from posting html code as a security measure. This can be turned off for the current page by adding a page directive.
<%@ Page validateRequest="false" %>
The other option is to use JavaScript on the client side to change '<' to &lt; and '>' to &gt; and '&' to &amp; before posting. Then on the server side you could decode the HTML before writing it to the screen.
function encodeValue(element_id)
{
    var elem = document.getElementById(element_id);
    var html = elem.value;
    // Encode '&' first so the entities written below are not encoded twice.
    html = html.replace(/&/gi, "&amp;");
    html = html.replace(/</gi, "&lt;");
    html = html.replace(/>/gi, "&gt;");
    elem.value = html;
}
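An added example, not part of the original answer: the encode-before-post option as pure functions, with a model of the server-side decode so the round trip can be checked. `encodeForPost`, `decodeFromPost`, `looksDangerous`, `roundTrip` and the sample text are hypothetical names and constructed data, and `looksDangerous` is only a rough approximation of the framework's check.

```javascript
// Added example (not from the original answer). Pure functions, so the
// round trip can be checked outside a browser.

// Encode the three characters before the form is posted. '&' must go first,
// otherwise the '&' of the freshly written "&lt;" would be encoded again.
function encodeForPost(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Model of the server-side decode step (on the page itself this would be
// HttpUtility.HtmlDecode in the code-behind). '&amp;' is decoded last, so a
// user who typed the literal text "&lt;" gets exactly that back.
function decodeFromPost(text) {
  return text
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Assumption: rough approximation of what request validation rejects
// ('<' followed by a letter, '!', '/' or '?', and the sequence "&#").
function looksDangerous(value) {
  return /<[a-z!\/?]/i.test(value) || /&#/.test(value);
}

// Constructed sample: a post holding smiley markup, a literal entity and "&#".
const SAMPLE = 'hi <img src="smile.gif" /> 1 &lt; 2 &#38; R&D';

function roundTrip(text) {
  const posted = encodeForPost(text);
  return {
    posted,
    rejected: looksDangerous(posted),
    restored: decodeFromPost(posted),
  };
}

// In the browser, call it from the Update button before the postback, e.g.
//   var box = document.getElementById(element_id);
//   box.value = encodeForPost(box.value);
console.log(roundTrip(SAMPLE));
```

After decoding, the stored value is raw markup again, and `Label4` binds `Eval("Post")` into `Text` without encoding, so anything other than the intended smiley markup has to be encoded or filtered before it is rendered.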