如果我的网页上有一个搜索框,我显然不希望用户输入任何可能有危险的代码。
但是,我有很多数据输入页面,每个控制器上都需要有ValidateInput(false)。
我不想让危险的输入,但我也不想在每个控制器中处理这个。
有没有一种方法可以覆盖默认和丑陋的错误.Net错误消息,或者是否存在跨控制器处理这种错误的统一方法。
编辑
我想也许我没有正确地问这个问题。
对于每个数据输入页面,我都必须关闭输入验证。 这变得有点无聊和繁琐。 每次我接受输入时,都需要HTMLEncode,然后再输入HTMLDecode。
有没有办法在一个中心位置自动执行此操作?
If I have a search box on my page I clearly do not want the user to input any code that may be dangerous.
However, I have a lot of data entry pages and each one needs to have ValidateInput(false) on the controllers.
I don't want to allow dangerous input, but I also don't want to handle this in each and every controller.
Is there a way that the default, and ugly, error .Net error message can be overwritten, or is there a uniform way of handling this across controllers.
EDIT
I think maybe I didn't ask the question correctly.
For every data entry page I have I have to turn of Input Validation. This becomes somewhat boring and cumbersome. Each time I accept input I need to HTMLEncode and then HTMLDecode later.
Is there a way to do this in one central place and automatically?
最满意答案
关于输出:
这是一篇有趣的帖子 。 另一个来自Steve Sanderson。
我刚刚读过那篇文章 - 没有尝试过自己。
给出一些反馈结果。
关于输入: 您可以尝试使用模型联编程序和HtmlEncode值。
About output:
Here's an interesting post. And another one from Steve Sanderson.
I just read that post some time ago - haven't tried myself.
Give some feedback how it turns out.
About input: you could try to mess around with model binder and HtmlEncode values it takes.
更多推荐
输入,way,控制器,电脑培训,计算机培训,IT培训"/> <meta name="description"
发布评论