免费jqgrid使用设置
autoencode: true
网格定义包含:
$grid.jqGrid({
url: '/admin/API/Entity',
datatype: "json",
editurl:'/admin/Detail/Edit'
在内联编辑中<a字符被输入 Nimetus 列,数据以 url 编码格式发布到服务器。
Request URL:http://localhost:52216/admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0
Request Method:POST
Status Code:490 OK
Response Headers
view source
Cache-Control:private, s-maxage=0
Content-Length:122
Content-Type:application/json; charset=utf-8
Date:Mon, 23 Nov 2015 15:31:54 GMT
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-SourceFiles:=?UTF-8?B?STpccmFhbWF0XEVldmFXZWJcRWV2YS5FcnBcRGV0YWlsXEVkaXQ=?=
Request Headers
POST /admin/Detail/Edit?_entity=DokG&_dokumnr=135322&_vmnr=0 HTTP/1.1
Host: localhost:52216
Connection: keep-alive
Content-Length: 1724
Accept: */*
Origin: http://localhost:52216
X-Requested-With: XMLHttpRequest
Query String Parameters
_entity:DokG
_dokumnr:135322
_vmnr:0
Form Data
view parsed
Kogus=&Nimetus=%3Ca&Mootyhik0_nimetus=&Hinnak=&Hind=&Myygikood=&_rowsum=0.00&Rtellimus=&Toode=&Kulukonto=&Yhik=&Id=0&Dokumnr=135322&Reanr=3&_oper=edit&_rowid=1648&_dokdata=%5B%7B%22name%22%3A%22Klient0_nimi%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasudok%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Kuupaev%22%2C%22value%22%3A%222015-11-23%22%7D%2C%7B%22name%22%3A%22Kellaaeg%22%2C%22value%22%3A%2217+29%22%7D%2C%7B%22name%22%3A%22Maksetin1_tingimus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarnekla2_nimetus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Konto3_tekst%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Yksus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tasukuup%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Knr%22%2C%22value%22%3A%2213111%22%7D%2C%7B%22name%22%3A%22Alamdok4_nimetus%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Raha%22%2C%22value%22%3A%22EUR%22%7D%2C%7B%22name%22%3A%22Eimuuda%22%2C%22value%22%3A%22false%22%7D%2C%7B%22name%22%3A%22Prladu5_laonimi%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Krdokumnr%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tekst1%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Pais7obj%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Klient%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Maksetin%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Tarneklaus%22%2C%22value%22%3A%22%22%7D%2C%7B%22name%22%3A%22Arvekonto%22%2C%22value%22%3A%22112%22%7D%2C%7B%22name%22%3A%22Oper%22%2C%22value%22%3A%22ASL%22%7D%2C%7B%22name%22%3A%22Laonr%22%2C%22value%22%3A%221%22%7D%2C%7B%22name%22%3A%22Dokumnr%22%2C%22value%22%3A%22135322%22%7D%2C%7B%22name%22%3A%22Kinnitatud%22%2C%22value%22%3A%22False%22%7D%5D
ASP.NET MVC4 控制器使用反射来调用读取此值的方法ControllerContext.HttpContext.Request.Form["Nimetus"]
此访问导致异常
System.Web.HttpRequestValidationException was unhandled by user code
Message=A potentially dangerous Request.Form value was detected from the client (Nimetus="<a").
行发生异常
ControllerContext.HttpContext.Request.Form["Nimetus"]
如何解决这个问题?
编辑控制器方法签名是
[AcceptVerbs(HttpVerbs.Post)]
[HandleJsonException]
public JsonResult Edit(string _entity, string _dokdata, int? _dokumnr, string _rowid,
int? _vmnr, string _isik)
Update
文档标题数据作为 _dokdata 参数传递,使用
extraparam: { _dokdata: getEevaFormData },
in
$.extend(true,$.jgrid.inlineEdit, {
position: "beforeSelected",
focusField: false,
restoreAfterError: false,
afterrestorefunc: function(rowId) {
updateButtonState($grid, rowId);
setFocusToGrid();
lastSelectedRow = undefined;
},
aftersavefunc: function(rowId, response) {
afterSaveFuncAfterAdd.call(this, rowId, response);
},
oneditfunc: function(rowId) {
onInlineEdit(rowId);
updateButtonState($grid, rowId);
},
keys: true,
rowID: '_empty',
useDefValues: true,
extraparam: { _dokdata: getEevaFormData },
errorfunc: errorfunc
});
控制器 _dokdata 参数现在包含函数定义,并将“替换为"
function getEevaFormData() {
return JSON.stringify($("#_form").serializeArray());
}
实际上它应该包含 json 字符串,这是这个函数调用的结果
