I've seen several posts about turning off HttpRequestValidation for controllers/actions to get around this error, but I really want it to be enabled for the most part. There are few enough instances where I want to bypass the validation that I am willing to wrap a try/catch block around it:
string searchTerm = string.Empty;
try {
searchTerm = Request.QueryString["q"];
} catch (HttpRequestValidationException ex) {
// What can I do here to captu开发者_高级运维re the value? Is parsing the error message the only way?
// Seems like ex.Data property would be a good place for Microsoft to stick values if
// people wanted to do something with them, but ex.Data is empty.
}
Again, this is only for certain fields within forms, so I DO NOT want to disable validation for an entire controller or action. I want the added protection there for fields I have not specifically handled.
Did you check out the AllowHTML attribute? It might be exactly what you need.
public class MyModel
{
public string ValidatedField {get; set;} // no HTML allowed here!
[AllowHtml]
public string NonValidatedField {get; set;} // user can enter HTML
}
精彩评论