How to force jqGrid 4.10.1-pre to encode ' character always
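Free jqGrid is used with the setting
autoencode: true
The grid definition contains:
$grid.jqGrid({
    url: '/admin/API/Entity',
    datatype: "json",
    editurl: '/admin/Detail/Edit'
    // remaining grid options are not shown in the post
});
In inline editing, the characters <a are entered into the Nimetus column and the data is posted to the server in url-encoded format.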
Request URL:http://localhost:52216/admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0
Request Method:POST
Status Code:490 OK
Response Headers
Cache-Control:private, s-maxage=0
Content-Length:122
Content-Type:application/json; charset=utf-8
Date:Mon, 23 Nov 2015 15:31:54 GMT
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-SourceFiles:=?UTF-8?B?STpccmFhbWF0XEVldmFXZWJcRWV2YS5FcnBcRGV0YWlsXEVkaXQ=?=
Request Headers
POST /admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0 HTTP/1.1
Host: localhost:52216
Connection: keep-alive
Content-Length: 1724
Accept: */*
Origin: http://localhost:52216
X-Requested-With: XMLHttpRequest
Query String Parameters
_entity:DokG
_dokumnr:135322
_vmnr:0
Form Data
Kogus=&Nimetus=%3Ca&Mootyhik0_nimetus=&Hinnak=&Hind=&Myygikood=&_rowsum=0.00&Rtellimus=&Toode=&Kulukonto=&Yhik=&Id=0&Dokumnr=135322&Reanr=3&_oper=edit&_rowid=1648&_dokdata=%5B%7B%22name%22%3A%22Klient0_nimi%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasudok%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Kuupaev%22%2C%22value%22%3A%222015-11-23%22%7D%2C%7B%22name%22%3A%22Kellaaeg%22%2C%22value%22%3A%2217+29%22%7D%2C%7B%22name%22%3A%22Maksetin1_tingimus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarnekla2_nimetus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Konto3_tekst%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Yksus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasukuup%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Knr%22%2C%22value%22%3A%2213111%22%7D%2C%7B%22name%22%3A%22Alamdok4_nimetus%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Raha%22%2C%22value%22%3A%22EUR%22%7D%2C%7B%22name%22%3A%22Eimuuda%22%2C%22value%22%3A%22false%22%7D%2C%7B%22name%22%3A%22Prladu5_laonimi%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Krdokumnr%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tekst1%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Pais7obj%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Klient%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Maksetin%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarneklaus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Arvekonto%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Oper%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Laonr%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Dokumnr%22%2C%22value%22%3A%22135322%22%7D%2C%7B%22name%22%3A%22Kinnitatud%22%2C%22value%22%3A%22False%22%7D%5D
The ASP.NET MVC4 controller uses reflection to call a method which reads this value using ControllerContext.HttpContext.Request.Form["Nimetus"]
This access causes the exception
System.Web.HttpRequestValidationException was unhandled by user code
Message=A potentially dangerous Request.Form value was detected from the client (Nimetus="<a").
The exception occurs at the line
ControllerContext.HttpContext.Request.Form["Nimetus"]
How to fix this?
The Edit controller method signature is
[AcceptVerbs(HttpVerbs.Post)]
[HandleJsonException]
public JsonResult Edit(string _entity, string _dokdata, int? _dokumnr, string _rowid,
int? _vmnr, string _isik)
Update
The document header data is passed as the _dokdata parameter using
extraparam: { _dokdata: getEevaFormData },
in
$.extend(true, $.jgrid.inlineEdit, {
    position: "beforeSelected",
    focusField: false,
    restoreAfterError: false,
    afterrestorefunc: function(rowId) {
        updateButtonState($grid, rowId);
        setFocusToGrid();
        lastSelectedRow = undefined;
    },
    aftersavefunc: function(rowId, response) {
        afterSaveFuncAfterAdd.call(this, rowId, response);
    },
    oneditfunc: function(rowId) {
        onInlineEdit(rowId);
        updateButtonState($grid, rowId);
    },
    keys: true,
    rowID: '_empty',
    useDefValues: true,
    extraparam: { _dokdata: getEevaFormData },
    errorfunc: errorfunc
});
The controller's _dokdata parameter now contains the function definition, in which " is replaced by &quot;
function getEevaFormData() {
return JSON.stringify($("#_form").serializeArray());
}
Actually it should contain the JSON string that results from calling this function.
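
I reverted the encoding of ' and / to &#39; and &#x2F; that was made in free jqGrid. See the commit and the description of the reason. I think that parts of jqGrid need to be changed, but I am going back to the previous behavior for now.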
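What including ' and / in an HTML encoder's character set changes, as an added example that is not part of the original posts and is not jqGrid's own code. All function names and the sample cell values are hypothetical and constructed for illustration.

```javascript
// Added illustration, not jqGrid source code. All names here are hypothetical.
const BASIC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
const EXTENDED = { ...BASIC, "'": "&#39;", "/": "&#x2F;" };
const NAMES = { amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'", "#x2F": "/" };

// Encoder that leaves ' and / untouched.
function encodeBasic(value) {
  return String(value).replace(/[&<>"]/g, (ch) => BASIC[ch]);
}

// Encoder that also covers ' and /.
function encodeExtended(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => EXTENDED[ch]);
}

// Single-pass decoder, so "&amp;lt;" becomes "&lt;" and not "<".
function decodeEntities(text) {
  return String(text).replace(/&(amp|lt|gt|quot|#39|#x2F);/g, (m, name) => NAMES[name]);
}

// Put the encoded value into a single-quoted attribute, then read the attribute
// back the way an HTML parser delimits it: up to the next ' character.
function attributeRoundTrips(encode, value) {
  const open = "<td title='";
  const markup = open + encode(value) + "'>";
  const end = markup.indexOf("'", open.length);
  return decodeEntities(markup.slice(open.length, end)) === value;
}

// Constructed sample cell values.
const samples = ["<a", "O'Brien a/b", 'say "hi" & go'];

function report() {
  return samples.map((v) => ({
    value: v,
    basic: encodeBasic(v),
    extended: encodeExtended(v),
    basicSafeInSingleQuotes: attributeRoundTrips(encodeBasic, v),
    extendedSafeInSingleQuotes: attributeRoundTrips(encodeExtended, v),
  }));
}

console.log(report());
```

The encoded form is only what gets rendered into the page. The Form Data in the question shows the raw value (Nimetus=%3Ca) being posted, and that raw value is what ASP.NET request validation reacts to.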