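I'm trying to edit a field using code rather than the wizard. I'm not entirely sure my code is correct for updating the field. This is the code I have for editing the field: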
Protected Sub ListView1_ItemEditing(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewEditEventArgs) Handles ListView1.ItemEditing
    ListView1.EditIndex = e.NewEditIndex
    ListView1.DataBind()
End Sub

Protected Sub ListView1_ItemUpdating(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewUpdateEventArgs) Handles ListView1.ItemUpdating
    Dim profile = Request.QueryString("Profile")
    Dim postid As Label = DirectCast(ListView1.EditItem.FindControl("postId"), Label)
    Dim textbox As TextBox = DirectCast(ListView1.EditItem.FindControl("EditPostTxt"), TextBox)
    Dim getComment = (From p In db.Posts Where p.PostId = New Guid(postid.Text)).Single
    getComment.Post = cc.reverseExchangeSmilies(textbox.Text)
    db.SubmitChanges()
    ListView1.EditIndex = -1
    cc.LoadComments(profile, ListView1)
End Sub
When I try to either update or cancel the post, I get the following error because the post contains html:
A potentially dangerous Request.Form value was detected from the client
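I was wondering whether, before it updates the post, it could use reverseExchangeSmilies to convert them back into smilies rather than html, or whether html could be allowed at this point.
aspx page: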
<asp:ListView ID="ListView1" runat="server">
    <ItemTemplate>
        <div id="header">
            <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br />
        </div>
        <div id="leftcolumn">
            <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' />
        </div>
        <div id="content">
            <asp:Label ID="Label4" runat="server" Text='<%#Eval("Post") %>'></asp:Label><br />
        </div>
        <div id="footer">
            <%# Eval("Date")%><br />
            <asp:linkbutton id="linkbutton1" runat="server" CommandName="del" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Delete" onclientclick="return confirm('Are you sure?');" />
            <asp:linkbutton id="linkbutton2" runat="server" CommandName="Edit" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Edit" />
        </div>
        <br />
    </ItemTemplate>
    <EditItemTemplate>
        <div id="header">
            <asp:Label ID="postId" runat="server" Text='<%#Eval("PostId") %>'></asp:Label>
            <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br />
        </div>
        <div id="leftcolumn">
            <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' />
        </div>
        <div id="content">
            <asp:TextBox ID="EditPostTxt" runat="server" Text='<%#Eval("Post") %>' Width="100%" TextMode="MultiLine"></asp:TextBox>
        </div>
        <div id="footer">
            <%# Eval("Date")%><br />
            <asp:linkbutton id="SaveEditBut" runat="server" CommandName="Update" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Update" />
            <asp:linkbutton id="Linkbutton3" runat="server" CommandName="Cancel" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Cancel" />
        </div>
        <br />
    </EditItemTemplate>
</asp:ListView>
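Thanks in advance.

The framework prevents you from posting html code as a security measure. This can be turned off for the current page by adding a page directive.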
<%@ Page validateRequest="false" %>
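Another option is to use javascript on the client side to change '<' to &lt; and '>' to &gt; and '&' to &amp; before posting. Then on the server side you can decode the html before writing it to the screen.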
function encodeValue(element_id)
{
    var elem = document.getElementById(element_id);
    var html = elem.value;
    // '&' is replaced first so the '&' of the entities added below is not encoded again
    html = html.replace(/&/gi, "&amp;");
    html = html.replace(/</gi, "&lt;");
    html = html.replace(/>/gi, "&gt;");
    elem.value = html;
}
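
An added example, not part of the answer above or of the asker's project: the encode-before-post and decode-on-server round trip from the second option, followed by encoding at render time so that only the site's own smiley images become markup. The smiley map, the image paths and every function name here are assumptions, and the server-side steps are modelled in JavaScript.

```javascript
// Constructed smiley table: code typed by the user -> image file (assumed names).
const SMILIES = new Map([[":)", "smile.gif"], [":(", "sad.gif"]]);
// One alternation over all smiley codes, with regex metacharacters escaped.
const SMILEY_RE = new RegExp("(" + [...SMILIES.keys()]
  .map(k => k.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|") + ")");

// Client side: the same substitution as encodeValue, applied to a plain string.
// '&' goes first, otherwise the '&' of "&lt;" would itself be encoded.
function encodeForPost(text) {
  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Server side: the exact inverse, with "&amp;" decoded last so that a literal
// "&lt;" typed by the user survives the round trip unchanged.
function decodeFromPost(encoded) {
  return encoded.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
}

// Output encoding for element content and quoted attribute values.
function htmlEncode(text) {
  return encodeForPost(text).replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Render a stored post: everything the user typed is encoded, and only the
// known smiley codes are swapped for fixed <img> tags built by the server.
function renderPost(stored) {
  return stored.split(SMILEY_RE).map(part =>
    SMILIES.has(part)
      ? `<img src="/img/${SMILIES.get(part)}" alt="${htmlEncode(part)}" />`
      : htmlEncode(part)
  ).join("");
}

// Constructed sample input.
const typed = "<b>hi</b> & :)";
const posted = encodeForPost(typed);   // what the browser submits
const stored = decodeFromPost(posted); // what the server saves
console.log(posted);
console.log(renderPost(stored));
```

Because the stored value is the text as typed, with smiley codes rather than image tags, the edit box can bind it directly and no conversion back from html is needed.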