2011-06-03 101 views
0

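Linq edit ListView

I'm trying to edit a field using code rather than the wizard. I'm not entirely sure whether my code updates the field correctly. Here is the code I use to edit the field: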

Protected Sub ListView1_ItemEditing(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewEditEventArgs) Handles ListView1.ItemEditing 
    ListView1.EditIndex = e.NewEditIndex 
    ListView1.DataBind() 
End Sub 

Protected Sub ListView1_ItemUpdating(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewUpdateEventArgs) Handles ListView1.ItemUpdating 
    Dim profile = Request.QueryString("Profile") 
    Dim postid As Label = DirectCast(ListView1.EditItem.FindControl("postId"), Label) 
    Dim textbox As TextBox = DirectCast(ListView1.EditItem.FindControl("EditPostTxt"), TextBox) 
    Dim getComment = (From p In db.Posts Where p.PostId = New Guid(postid.Text)).Single 

    getComment.Post = cc.reverseExchangeSmilies(textbox.Text) 
    db.SubmitChanges() 

    ListView1.EditIndex = -1 
    cc.LoadComments(profile, ListView1) 
End Sub 

When I try to either update or cancel the post, I get the following error because the post contains HTML:

A potentially dangerous Request.Form value was detected from the client 

I'm wondering whether, after it updates, it can use reverseExchangeSmilies to turn them into smilies instead of HTML, or whether HTML could be allowed at this point.

aspx page:

<asp:ListView ID="ListView1" runat="server"> 
            <ItemTemplate> 
             <div id="header"> 

              <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br /> 
             </div> 
             <div id="leftcolumn"> 
              <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div> 
             <div id="content"> 
              <asp:Label ID="Label4" runat="server" Text='<%#Eval("Post") %>'></asp:Label><br /> 
             </div> 
             <div id="footer"> 
              <%# Eval("Date")%><br /> 
              <asp:linkbutton id="linkbutton1" runat="server" CommandName="del" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Delete" onclientclick="return confirm('Are you sure?');" /> 
              <asp:linkbutton id="linkbutton2" runat="server" CommandName="Edit" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Edit" /> 
             </div> 
             <br /> 
            </ItemTemplate> 
            <EditItemTemplate> 
            <div id="header"> 
             <asp:Label ID="postId" runat="server" Text='<%#Eval("PostId") %>'></asp:Label> 
              <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br /> 
             </div> 
             <div id="leftcolumn"> 
              <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div> 
             <div id="content"> 
              <asp:TextBox ID="EditPostTxt" runat="server" Text='<%#Eval("Post") %>' Width="100%" TextMode="MultiLine"></asp:TextBox> 
             </div> 
             <div id="footer"> 
              <%# Eval("Date")%><br /> 
              <asp:linkbutton id="SaveEditBut" runat="server" CommandName="Update" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Update" /> 
              <asp:linkbutton id="Linkbutton3" runat="server" CommandName="Cancel" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Cancel" /> 
             </div> 
             <br /> 
            </EditItemTemplate> 
           </asp:ListView> 

Thanks in advance.

Answers

1

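The framework prevents you from posting HTML code as a security measure. It can be turned off for the current page by adding a page directive.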

<%@ Page validateRequest="false" %> 

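Another option is to use JavaScript on the client, before posting, to change "<" to &lt;, ">" to &gt; and "&" to &amp;. Then on the server side you can decode the HTML before writing it to the screen.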

function encodeValue(element_id) 
{ 
    var elem = document.getElementById(element_id); 
    var html = elem.value; 
    html= html.replace(/&/gi,"&amp;"); 
    html= html.replace(/</gi,"&lt;"); 
    html= html.replace(/>/gi,"&gt;"); 
    elem.value = html; 
} 
+0

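I really don't want to turn the security measure off, because I don't want users to be able to post HTML in their posts. I have a method that can turn all the HTML back to its original state, i.e. from :) but I don't know where to put this method. – Houlahan 2011-06-03 17:21:22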

+0

@Houlahan - Is the method that converts the HTML to plain-text smilies in the HTML? If so, it should be called in the form's onsubmit event. – NerdFury 2011-06-03 17:28:52

+0

No, the method is written in vb.net :/ – Houlahan 2011-06-03 17:30:42
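
The client-side encoding the answer describes, as an added example that is not part of the original answer: the same three replacements as pure string functions together with the matching decode, showing why "&" has to be encoded first and decoded last. `attachEncoder`, `decodeHtmlWrongOrder` and the sample string are constructed for illustration; because a client can skip this script, the server still has to treat the posted value as untrusted and encode it on output.

```javascript
// Added example, not code from the thread.

// Encode in the same order as the answer's encodeValue: "&" first, so the "&"
// introduced by "&lt;" / "&gt;" is not encoded a second time.
function encodeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Decode in the reverse order: "&amp;" last. This is the inverse of encodeHtml.
function decodeHtml(text) {
  return text
    .replace(/&gt;/g, ">")
    .replace(/&lt;/g, "<")
    .replace(/&amp;/g, "&");
}

// Wrong order, kept only to show the failure mode: decoding "&amp;" first turns
// the encoded form of literal text such as "&lt;b&gt;" into real markup "<b>".
function decodeHtmlWrongOrder(text) {
  return text
    .replace(/&amp;/g, "&")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">");
}

// Hypothetical wiring (assumption): encode the edit box just before the form
// posts. fieldId is the rendered client id of the TextBox, which ASP.NET
// generates and which differs from the server-side ID "EditPostTxt".
function attachEncoder(form, fieldId) {
  form.addEventListener("submit", function () {
    var elem = form.ownerDocument.getElementById(fieldId);
    elem.value = encodeHtml(elem.value);
  });
}

// Constructed sample: a post with an image tag, a bare "&", and text that
// already looks like an entity.
const SAMPLE = 'Hi <img src="smile.png"> & the text &lt;b&gt;';
const ENCODED = encodeHtml(SAMPLE);
```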