private string formatInputValue(ModelBindingContext bindingContext, string inputValue, bool cleanHtml) { if (string.IsNullOrEmpty(inputValue)) { return(inputValue); } if (cleanHtml) { //处理多行纯文本 inputValue = HtmlUtility.CleanHtml(inputValue, TrustedHtmlLevel.HtmlEditor); } else { //处理html标签 inputValue = HtmlUtility.StripHtml(inputValue, true, false); inputValue = Formatter.FormatMultiLinePlainTextForStorage(inputValue, false); } inputValue = StringUtility.StripSQLInjection(inputValue); if (string.IsNullOrEmpty(inputValue)) { bindingContext.ModelState.AddModelError("UnTrustedHtml", "内容未通过验证或包含非法字符如<、>!"); } return(inputValue); }
/// <summary> /// 转换为Category用于数据库存储 /// </summary> public Category AsCategory() { Category category = null; if (CategoryId == 0) { category = Category.New(); } else { CategoryService categoryService = new CategoryService(); category = categoryService.Get(CategoryId); } category.Depth = Depth; category.CategoryName = CategoryName; category.Description = Formatter.FormatMultiLinePlainTextForStorage(Description, true) ?? string.Empty; category.ParentId = ParentId; category.OwnerId = OwnerId; category.TenantTypeId = TenantTypeId; category.LastModified = DateTime.UtcNow; return(category); }
/// <summary> /// /// </summary> /// <param name="controllerContext"></param> /// <param name="bindingContext"></param> /// <returns></returns> public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) { var value = base.BindModel(controllerContext, bindingContext); if (value == null) { return(value); } if (controllerContext.RouteData.Values.ContainsKey(bindingContext.ModelName)) { return(value); } string[] tempArray = null; if (bindingContext.ModelType.FullName.Contains("System.String") && value is Array) { tempArray = (string[])value; } //内容过滤 if ((tempArray != null && tempArray.Length > 0) || value is string && !string.IsNullOrEmpty(value as string)) { if (controllerContext.Controller.ValueProvider.ContainsPrefix(bindingContext.ModelName) || bindingContext.ModelMetadata.ContainerType != null) { //处理敏感词 WordFilterStatus status = WordFilterStatus.Banned; if (tempArray != null && tempArray.Length > 0) { for (int i = 0; i < tempArray.Length; i++) { tempArray[i] = WordFilter.SensitiveWordFilter.Filter(tempArray[i], out status); if (status == WordFilterStatus.Banned) { bindingContext.ModelState.AddModelError("SensitiveWord", "内容未通过验证或包含非法词语!"); break; } } return(tempArray); } string tempValue = (value as string).Trim(); Type type = bindingContext.ModelMetadata.ContainerType; PropertyInfo propertyInfo = null; if (type != null) { propertyInfo = type.GetProperty(bindingContext.ModelName); } var noFilterWordAttribute = propertyInfo != null?Attribute.GetCustomAttribute(propertyInfo, typeof(NoFilterWordAttribute)) as NoFilterWordAttribute : null; if (noFilterWordAttribute == null) { tempValue = WordFilter.SensitiveWordFilter.Filter(tempValue, out status); if (status == WordFilterStatus.Banned) { bindingContext.ModelState.AddModelError("SensitiveWord", "内容未通过验证或包含非法词语!"); return(tempValue); } } if (propertyInfo != null) { var dataTypeAttribute = Attribute.GetCustomAttribute(propertyInfo, typeof(DataTypeAttribute)) as DataTypeAttribute; if (dataTypeAttribute != null) { if (dataTypeAttribute.DataType == DataType.MultilineText) { //处理多行纯文本 tempValue = Formatter.FormatMultiLinePlainTextForStorage(tempValue, false); } else if (dataTypeAttribute.DataType == DataType.Html) { //处理html标签 tempValue = HtmlUtility.CleanHtml(tempValue, TrustedHtmlLevel.HtmlEditor); } } } return(tempValue); } } return(value); }