model binding url encoded string mvc 3

Developer https://www.devze.com 2023-04-02 08:23 Source: Internet
I am using MVC 3 model binding in combination with JQuery serializer() to edit some data in a form. All is working well except when I have some 'url-encoded' (don't know a better term) text in my data. This data is there because I use a rich text editor just like the one I use now.

$.post("/controller/submit", $("form").serialize(), function (r) { /* ... */ });

And my controller is like

[HttpPost]
public ActionResult Confirm(MyViewModel model)
{
    return PartialView(model);
}

Some data that will cause problems looks like this

Venue=dasd&StartDate=5-sep-2011&startTime=0%3A00&endTime=0%3A00&EndDate=6-sep-2011&Title=Hello&Description=%3Cstrong%3Ebold+mother%3C%2Fstrong%3E&Pricing=&BuyTicketsUrl=&CategoryId=1&Url=&Bid=0&MaximumExpense=0

You can see that the description has stuff like %3Cstrong%3E because it is a serialized textbox with some html encoded text. Can I get the default model binder to just get the html or can I change the way JQuery serializes the form? Or should I use JSON instead?


The .serialize() method does what it is supposed to do. There is nothing else you need to do on the client side. The problem is the server that will reject this input. You could decorate your Description property on the view model with the [AllowHtml] attribute:

[AllowHtml]
public string Description { get; set; }

Now the default model binder will be happy to assign this value. Now, because some malicious user can decide to do nasty things to your site, if you ever intend to show this HTML unencoded, make sure you pass it through AntiXss. If you are always going to display this value HTML encoded then you are pretty safe => simply store it as is in the database and display by HTML encoding.

0
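An added example, not part of the original question or answer: it follows a shortened copy of the posted form body through decoding and output encoding, showing that `%3Cstrong%3E` is only transport encoding and that the decoded `Description` value is what the server objects to. All function names are hypothetical, and `looksLikeMarkup` is a simplified stand-in for server-side request validation, not ASP.NET's actual implementation.

```javascript
// Constructed sample: a shortened version of the form body from the question.
const body = "Venue=dasd&startTime=0%3A00&Title=Hello" +
  "&Description=%3Cstrong%3Ebold+mother%3C%2Fstrong%3E&CategoryId=1";

// Decode application/x-www-form-urlencoded the way a server does before
// model binding: '+' becomes a space, %XX becomes the original character.
function parseForm(encoded) {
  const fields = {};
  for (const [name, value] of new URLSearchParams(encoded)) {
    fields[name] = value;
  }
  return fields;
}

// Simplified stand-in (assumption) for a request-validation rule: flag
// values containing '<' followed by a letter, '/', '!' or '?', or "&#".
function looksLikeMarkup(value) {
  return /<[a-z!\/?]|&#/i.test(value);
}

// HTML-encode for output so stored markup is shown as text, not parsed.
function htmlEncode(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Per field: the decoded value, whether it is flagged, and its safe output form.
function inspect(encoded) {
  const fields = parseForm(encoded);
  return Object.keys(fields).map((name) => ({
    name,
    decoded: fields[name],
    flagged: looksLikeMarkup(fields[name]),
    encodedForDisplay: htmlEncode(fields[name]),
  }));
}

for (const row of inspect(body)) {
  console.log(row.name, JSON.stringify(row.decoded), row.flagged ? "FLAGGED" : "ok");
}
```

Only `Description` is flagged, which is the one property the answer marks with `[AllowHtml]`; the `encodedForDisplay` value is what reaches the page when the stored HTML is displayed HTML encoded.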
