开发者

Overcoming .Net 4 'security' fix that passes char codes instead of literals (jquery/mvc)

I'm returning some partial views via Jquery Ajax calls. When it returns (some j开发者_JAVA百科avascript I'm passing back, for better or worse), the single quotes - ' symbols, are returned like the below (as viewed by fiddler):

         xAxis: {
            categories: ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']
        },

So of course the javascript returned is malformed and can't be called.

Looking into this, it's apparently a 'security' update in .net v4 to avoid xss attacks. That forum basically says that it is bad news, and suggests overriding the default HTML encoding class. I tried this with no luck.

Any suggestions for removing this annoying functionality?


If it is an actual partial view you are returning, you could wrap you javascript part in a @Html.Raw(javascript) so it does not get encoded.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜