Dmitry Filandor, 2014-12-25 10:25:07
ASP.NET

How to check the data from the client?

Hello!
My users write posts to their blogs and articles in an HTML editor; the HTML text goes into the database. The post creation controller:

[HttpPost]
[ValidateAntiForgeryToken()]
public JsonResult CreateRecordBlog(BusinessLayer.Record.Record recordBL)
{
    ...

The article model:

[Required]
[AllowHtml]
[StringLength(5000, ErrorMessage = "Размер записи должен быть минимум 200 знаков и максимум 5000.", MinimumLength = 200)]
public string Text { get; set; }
...

As you can see, HTML text is allowed.
I recently updated the ASP.NET version; I didn't touch anything else apart from updating the packages. When publishing a record, everything is fine locally and the record is published, but on the server I get this exception:
A potentially dangerous Request.Form value received from the client (Text="
vyyyyyyyyyyav
...") was detected.
vyayyyyyyyyav is just a test post. I went over everything; it refuses to publish at all, but locally (the local setup is pointed at the production database on the host) everything works.
As a result, I had to put this on the record creation controller:

[ValidateInput(false)]

Now it works, but how did it work before? And as I understand it, this is a security hole: now anyone can post all sorts of junk, scripts, etc.
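The concern in the question is the right one: ASP.NET request validation only rejects input that looks like markup, it never makes HTML safe, so switching it off with [ValidateInput(false)] on the whole action leaves stored XSS wide open. The defender's pattern is to keep validation on, scope [AllowHtml] to the single property that really needs markup, and run that property through a server-side allowlist sanitizer before it reaches the database. The following is an added example, not code from the original post: RecordInput, HtmlAllowlist and BlogController are hypothetical names, and it assumes the HtmlAgilityPack NuGet package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web.Mvc;
using HtmlAgilityPack;   // assumed dependency, not part of the original post

namespace BlogSanitizationExample
{
    // Hypothetical view model mirroring the post's Text property.
    // [AllowHtml] is scoped to this one property, so request validation
    // stays switched on for every other field in the request.
    public class RecordInput
    {
        [Required]
        [AllowHtml]
        [StringLength(5000, MinimumLength = 200)]
        public string Text { get; set; }
    }

    public static class HtmlAllowlist
    {
        // Tags a blog post may contain; anything else is unwrapped (its text is kept).
        private static readonly HashSet<string> AllowedTags = new HashSet<string>(
            StringComparer.OrdinalIgnoreCase)
        { "p", "br", "b", "strong", "i", "em", "u", "h2", "h3", "ul", "ol", "li",
          "blockquote", "pre", "code", "a" };

        // Tags removed together with their content, not merely unwrapped.
        private static readonly HashSet<string> DroppedTags = new HashSet<string>(
            StringComparer.OrdinalIgnoreCase) { "script", "style", "iframe", "object", "embed" };

        // Attributes allowed per tag; style, on* handlers etc. are not listed and get removed.
        private static readonly Dictionary<string, HashSet<string>> AllowedAttributes =
            new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "a", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "href", "title" } }
        };

        public static string Sanitize(string html)
        {
            if (string.IsNullOrEmpty(html)) return string.Empty;

            var doc = new HtmlDocument();
            doc.LoadHtml(html);

            // Snapshot the node list first: the tree is modified while we walk it.
            foreach (var node in doc.DocumentNode.Descendants().ToList())
            {
                if (node.NodeType == HtmlNodeType.Comment)
                    node.Remove();                                   // comments can carry conditional markup
                else if (node.NodeType != HtmlNodeType.Element)
                    continue;                                        // plain text is kept as-is
                else if (DroppedTags.Contains(node.Name))
                    node.Remove();                                   // drop tag and its content
                else if (!AllowedTags.Contains(node.Name))
                    node.ParentNode.RemoveChild(node, keepGrandChildren: true); // unwrap unknown tag
                else
                    FilterAttributes(node);
            }
            return doc.DocumentNode.OuterHtml;
        }

        private static void FilterAttributes(HtmlNode node)
        {
            HashSet<string> allowed;
            AllowedAttributes.TryGetValue(node.Name, out allowed);

            foreach (var attr in node.Attributes.ToList())
            {
                if (allowed == null || !allowed.Contains(attr.Name))
                    attr.Remove();
                else if (attr.Name.Equals("href", StringComparison.OrdinalIgnoreCase) && !IsHttpUrl(attr.Value))
                    attr.Remove();                                   // javascript:, data:, vbscript: links are rejected
            }
        }

        private static bool IsHttpUrl(string value)
        {
            Uri uri;
            return Uri.TryCreate(value, UriKind.Absolute, out uri)
                && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        }
    }

    public class BlogController : Controller
    {
        [HttpPost]
        [ValidateAntiForgeryToken]
        public JsonResult CreateRecordBlog(RecordInput input)
        {
            if (!ModelState.IsValid)
                return Json(new { ok = false });

            // Sanitize on the server before storing: the client cannot be trusted to do it,
            // and request validation was never a sanitizer in the first place.
            string safeHtml = HtmlAllowlist.Sanitize(input.Text);
            // ... persist safeHtml (storage code is not shown in the original post)
            return Json(new { ok = true });
        }
    }
}
```

Two things worth checking alongside this: the sanitized text is the only value that should ever be rendered with @Html.Raw(...) in a Razor view, while every other model property goes through the default encoding of @Model.X; and the allowlist is deliberately short, since widening it (for example by admitting style or arbitrary href schemes) is where most "sanitized" HTML becomes exploitable again.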
