As others have mentioned, you can't control what other users are doing. If you are already checking in your controller if the button should be enabled, then the proper solution is to also disable the endpoint at the same time so nothing happens or it returns an error page if they click on it anyway.
As a side note: You are correct, it only cares if the word disabled is there. Disabled="disabled" is normally done to make it compatible with xhtml. It does not matter at all what is in the quotes. They are ignored.
我们项目中的真实代码:
if (!order.CanEdit())
return PartialView("_ErrorDialog", "Order cannot be edited.");
else if (!order.CanBeTransferred())
return PartialView("_ErrorDialog", "Invalid status. Cannot transfer this order");
else if (order.IsTransfer)
return PartialView("_ErrorDialog", "Cannot transfer an existing transfer.");
您不应该仅仅依赖html来阻止功能.
或者,如果这是所有回发,您不能仅仅将按钮呈现为禁用,您可以将操作更改为#.但这并不是愚蠢的证据,因为有人仍然可以try 直接呼叫您的端点.