开发者

Overcoming .Net 4 'security' fix that passes char codes instead of literals (jquery/mvc)

开发者 https://www.devze.com 2023-04-03 18:24 出处：网络

I\'m returning some partial views via Jquery Ajax calls.When it returns (some j开发者_JAVA百科avascript I\'m passing back, for better or worse), the single quotes - \' symbols, are returned like the b

相关专题：.net asp.net-mvc html-encode

I'm returning some partial views via Jquery Ajax calls. When it returns (some j开发者_JAVA百科avascript I'm passing back, for better or worse), the single quotes - ' symbols, are returned like the below (as viewed by fiddler):

         xAxis: {
            categories: [&#39;Jan&#39;, &#39;Feb&#39;, &#39;Mar&#39;, &#39;Apr&#39;, &#39;May&#39;, &#39;Jun&#39;, &#39;Jul&#39;, &#39;Aug&#39;, &#39;Sep&#39;, &#39;Oct&#39;, &#39;Nov&#39;, &#39;Dec&#39;]
        },

So of course the javascript returned is malformed and can't be called.

Looking into this, it's apparently a 'security' update in .net v4 to avoid xss attacks. That forum basically says that it is bad news, and suggests overriding the default HTML encoding class. I tried this with no luck.

Any suggestions for removing this annoying functionality?

If it is an actual partial view you are returning, you could wrap you javascript part in a @Html.Raw(javascript) so it does not get encoded.