Save an HTML - possibly dangerous value Request.Form

Asked

Viewed 920 times

1

I have a Textareafor that receives an HTML content, when trying to record I have an error, I added in web.config the pages validateRequest="false" I’ve tested the common text Insert and it works, only with HTML it doesn’t work

    [HttpPost]
    [ValidateInput(false)]
    public ActionResult GravarDados(tb_conteudo dadosTabela)
    {
        string titulocategoria = dadosTabela.CONT_TITULO;
        string tituloconteudo  = dadosTabela.CONT_TITULO;
        string conteudoHtml    = dadosTabela.CONT_HTML;

        //grava a categoria do conteúdo 
        var tcategoriaConteudo = new ConteudoCategoriaAplicacao();
        tcategoriaConteudo.GravaCategoriaConteudo(titulocategoria);

        //pega o id da categoria para gravar o conteúdo
        var tBuscarcategoriaConteudo = new ConteudoCategoriaAplicacao();
        var DadosCategoria = tcategoriaConteudo.BuscaIdCategoriaConteudo();
        int IdCategoria = Convert.ToInt16(DadosCategoria.COCA_PK_ID);

        //grava o conteúdo 
        var tConteudo = new ConteudoAplicacao();
        tConteudo.GravaConteudo(tituloconteudo, conteudoHtml, IdCategoria);

        return  RedirectToAction("index");
    }

error:

1 answer

1


You need to add the annotation [AllowHtml] on the property of tb_conteudo that is receiving HTML content.

Example:

public class tb_conteudo
{
    [AllowHtml]
    public string CONT_HTML { get; set; }

    /* Outras propriedades */
}
  • I appreciate the help but there’s not much right, I had the same mistake

  • Put everywhere they receive an HTML? Gave rebuild on the project to test?

  • I did the test and it worked for a small HTML, if I have it a little bigger I have error. because of the size? I don’t have an idea, but it worked for a small

  • Yes, then the problem is completely different. It has to do with the size of the request received.

  • It worked, I tested it again and everything works

Browser other questions tagged

You are not signed in. Login or sign up in order to post.