2011-06-03 100 views
0

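Linq edit ListView

I'm trying to edit a field using code rather than the wizard. I'm not entirely sure whether my code updates the field correctly. Here is the code where I edit the field: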

Protected Sub ListView1_ItemEditing(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewEditEventArgs) Handles ListView1.ItemEditing 
    ListView1.EditIndex = e.NewEditIndex 
    ListView1.DataBind() 
End Sub 

Protected Sub ListView1_ItemUpdating(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ListViewUpdateEventArgs) Handles ListView1.ItemUpdating 
    Dim profile = Request.QueryString("Profile") 
    Dim postid As Label = DirectCast(ListView1.EditItem.FindControl("postId"), Label) 
    Dim textbox As TextBox = DirectCast(ListView1.EditItem.FindControl("EditPostTxt"), TextBox) 
    Dim getComment = (From p In db.Posts Where p.PostId = New Guid(postid.Text)).Single 

    getComment.Post = cc.reverseExchangeSmilies(textbox.Text) 
    db.SubmitChanges() 

    ListView1.EditIndex = -1 
    cc.LoadComments(profile, ListView1) 
End Sub 

When I try to either update or cancel the post, because the post contains HTML, I get the following error:

A potentially dangerous Request.Form value was detected from the client 

I was wondering whether, upon updating, it can use reverseExchangeSmilies to turn them into smilies rather than HTML, or possibly allow HTML at this point.

aspx page:

<asp:ListView ID="ListView1" runat="server"> 
            <ItemTemplate> 
             <div id="header"> 

              <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br /> 
             </div> 
             <div id="leftcolumn"> 
              <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div> 
             <div id="content"> 
              <asp:Label ID="Label4" runat="server" Text='<%#Eval("Post") %>'></asp:Label><br /> 
             </div> 
             <div id="footer"> 
              <%# Eval("Date")%><br /> 
              <asp:linkbutton id="linkbutton1" runat="server" CommandName="del" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Delete" onclientclick="return confirm('Are you sure?');" /> 
              <asp:linkbutton id="linkbutton2" runat="server" CommandName="Edit" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Edit" /> 
             </div> 
             <br /> 
            </ItemTemplate> 
            <EditItemTemplate> 
            <div id="header"> 
             <asp:Label ID="postId" runat="server" Text='<%#Eval("PostId") %>'></asp:Label> 
              <asp:HyperLink ID="UserPageLik" runat="server" NavigateUrl='<%#"Default.aspx?Profile=" + Eval("ProfileId") %>'> <%# Eval("fullname")%> </asp:HyperLink><br /> 
             </div> 
             <div id="leftcolumn"> 
              <asp:ImageButton ID="Image1" runat="server" ImageUrl='<%#Eval("DisaplyPictureSmall") %>' /></div> 
             <div id="content"> 
              <asp:TextBox ID="EditPostTxt" runat="server" Text='<%#Eval("Post") %>' Width="100%" TextMode="MultiLine"></asp:TextBox> 
             </div> 
             <div id="footer"> 
              <%# Eval("Date")%><br /> 
              <asp:linkbutton id="SaveEditBut" runat="server" CommandName="Update" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Update" /> 
              <asp:linkbutton id="Linkbutton3" runat="server" CommandName="Cancel" CommandArgument='<%# Eval("PostId") %>' forecolor="red" text="Cancel" /> 
             </div> 
             <br /> 
            </EditItemTemplate> 
           </asp:ListView> 

Thanks in advance.

Answers

1

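The framework prevents you from posting HTML code as a security measure. It can be turned off for the current page by adding a page directive.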

<%@ Page validateRequest="false" %> 

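Another option is to use JavaScript on the client, before posting, to change "<" to "&lt;", ">" to "&gt;" and "&" to "&amp;". Then on the server side, you can decode the HTML before writing it to the screen.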

function encodeValue(element_id) 
{ 
    var elem = document.getElementById(element_id); 
    var html = elem.value; 
    html= html.replace(/&/gi,"&amp;"); 
    html= html.replace(/</gi,"&lt;"); 
    html= html.replace(/>/gi,"&gt;"); 
    elem.value = html; 
} 
+0

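I don't really want to turn off the security measure, as I don't want users to be able to post HTML in their posts. I have a method that turns all the HTML back to its original state, i.e. from :) but I don't know where to put this method. – Houlahan 2011-06-03 17:21:22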

+0

@Houlahan - Is that a method that converts the HTML into plain-text emoticons within the HTML? If so, it should be called in the form's onsubmit event. – NerdFury 2011-06-03 17:28:52

+0

No, the method is written in VB.NET :/ – Houlahan 2011-06-03 17:30:42
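
The thread leaves open where a server-side VB.NET conversion belongs when request validation stays enabled. One arrangement, as an added example that is not code from the question or the answer: encode the stored text on output and expand only known smiley tokens, and turn that markup back into tokens before it is bound to the edit TextBox. The module name, function names, smiley table and image paths are assumptions; this is not the asker's `cc.reverseExchangeSmilies`.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net

' Added example. SmileyText, ToDisplayHtml and ToEditText are hypothetical names.
Module SmileyText
    ' Constructed allow-list: smiley token -> name of an image the site itself ships.
    Private ReadOnly Smilies As New Dictionary(Of String, String) From {
        {":)", "smile"},
        {":(", "sad"}
    }

    ' Fixed markup for one token; nothing typed by the user ends up inside the tag.
    Private Function ImgTag(ByVal token As String) As String
        Return "<img src=""/smilies/" & Smilies(token) & ".png"" alt=""" & Smilies(token) & """ />"
    End Function

    ' Display path: encode everything the user typed, then expand known tokens only.
    Public Function ToDisplayHtml(ByVal storedText As String) As String
        If storedText Is Nothing Then Return String.Empty
        Dim html As String = WebUtility.HtmlEncode(storedText)
        For Each token As String In Smilies.Keys
            html = html.Replace(WebUtility.HtmlEncode(token), ImgTag(token))
        Next
        Return html
    End Function

    ' Edit path: map the exact tags produced above back to their tokens and decode
    ' the rest, so the edit TextBox is bound to plain text instead of markup.
    Public Function ToEditText(ByVal displayHtml As String) As String
        If displayHtml Is Nothing Then Return String.Empty
        Dim text As String = displayHtml
        For Each token As String In Smilies.Keys
            text = text.Replace(ImgTag(token), WebUtility.HtmlEncode(token))
        Next
        Return WebUtility.HtmlDecode(text)
    End Function

    Sub Main()
        ' Constructed sample post: text with special characters and one smiley.
        Dim typed As String = "5 < 6 & that's ""fine"" :)"
        Dim shown As String = ToDisplayHtml(typed)
        Console.WriteLine(shown)              ' what the display Label would receive
        Console.WriteLine(ToEditText(shown))  ' what the edit TextBox would receive
    End Sub
End Module
```

Bound this way, the edit box posts back plain text with smiley tokens rather than markup, so the `validateRequest` check does not need to be turned off for the page, and the display path never decodes user input back into live HTML.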