JQuery - $.ajax POST does not send data with “<” symbol to controller

Question

User-1634604574 posted

JQuery - $.ajax POST does not send data with “<” symbol to controller

 $.ajax({
                    type: "post",
         cache: false,
                    url: "/Print_Format/GetJavascriptFile",
          //contentType: "application/json; charset=utf-8",
            //                    dataType: "json"
               data: {f:"<pp>"},

         success: function (data) {
                alert(data);
            },
                })

 [HttpPost]
        public ActionResult GetJavascriptFile( string f)
        {
          //  f = "jquery-1.10.2.min.js";
            string mp = @"C:\temp\"+f+"";
           // return File(mp, "text/javascript");
            return Json( mp, "text/javascript");

        }

why i cannot send these symbol to controller <  and >

Answer 1

User-474980206 posted

You can, what makes you think you cannot. As the sample controller code does not use the passed data, use the debugger to see see the data.

Answer 2

User475983607 posted

You're mistaken.  AJAX passes "<".  This problem is your file path is invalid.  Perhaps try firing up the debugger and check your work.

Answer 3

User-1634604574 posted

till now i didn' understand what to do to solve this issue

Answer 4

User-17257777 posted

Hi zhyanadil.it@gmail.com,

You can use F12 bowser develop tool to check If this is any error in it. I tested your codes and found the error as below:

A potentially dangerous Request.Form value was detected from the client (f=&quot;&lt;pp&gt;&quot;).

Since the “<” and ”>” are HTML codes and they may cause XSS (cross-site scripting), which is by default prevented in MVC, so you couldn’t get them in the controller. 

One way is decorating the controller method with [ValidateInput(false)] and the other is decorating the ViewModel attribute with [AllowHtml]

For more details, you can refer to:

https://stackoverflow.com/questions/25630141/validateinputfalse-vs-allowhtml

Best Regards,

jiadong Meng