使用编码字符代替正确的字符
我有一个小问题,希望你能帮我解决这个恼人的问题。
我需要在管理面板中使用 iFrame 来让用户使用选择服务,并且在 HTML 中我有:
<iframe scrolling="yes" runat="server" title="Par Selection" id="iFrame"
frameborder="0" enableviewstate="true" width="100%" height="490" />
在我的代码隐藏文件中我有:
iFrame.Attributes.Add("src", String.Format(
"https://www.parurval.se/urval/?username={0}&password={1}",
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));
输出是这样的:
<iframe id="tcMain_tabPARSelection_iFrame" scrolling="yes" title="Par Selection"
frameborder="0" width="100%" height="490"
src="https://www.parurval.se/urval/?username=myUsername&password=myPassword">
</iframe>
请注意 <在传递用户名和密码时,使用 &
代替 &
登录 src 地址
如何防止这种情况发生?
我尝试使用 HttpUtility.Decode( myCompleteUrl ) 但取得了相同的成就:(
最糟糕的是,如果 src 代码只有地址,
... src="https://www.parurval.se/urval/" ...
我将无法输入用户/密码,我明白了表单,我可以输入文本,但它什么也不做,它只刷新 iframe 内页,在完整窗口中执行此操作,效果很好,
在该管理面板中,我有一个文本框,供用户按顺序添加用户名和密码。进入管理页面,我将直接跳转到 iFrame 中的服务,这样用户就不需要每次都输入用户/密码来登录,这就是我尝试动态添加这些值的方法
<
strong 。 >添加: 如果我将正确的 URL 地址(包含用户和密码)放入 HTML 端的 iFrame src 属性中(不是动态的),一切都会正常工作:(
I have a little problem and I'm hopping that you can help me solve this annoying issue.
I need to use an iFrame in an administration panel to let users use the selection service, and in the HTML I have:
<iframe scrolling="yes" runat="server" title="Par Selection" id="iFrame"
frameborder="0" enableviewstate="true" width="100%" height="490" />
in my code-behind file I have:
iFrame.Attributes.Add("src", String.Format(
"https://www.parurval.se/urval/?username={0}&password={1}",
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));
The output is this:
<iframe id="tcMain_tabPARSelection_iFrame" scrolling="yes" title="Par Selection"
frameborder="0" width="100%" height="490"
src="https://www.parurval.se/urval/?username=myUsername&password=myPassword">
</iframe>
Please note the &
instead &
sign in the src address when passing username and password
How can I prevent this?
I tried with HttpUtility.Decode( myCompleteUrl ) but with the same achievement :(
The worst thing is, if the src code has only the address
... src="https://www.parurval.se/urval/" ...
I'm not able to input the user/pwd, I see the form and I can enter text, but it does nothing, it only refreshes the iframe inner page, doing this in a full window, works fine.
And in that administration panel I have a textbox to the user add the username and password in order that entering the Administration page, I will jump directly to the service in the iFrame so the user does not need to enter user/pwd to login every time, that is way I'm trying to add those values dynamically.
Any ideas?
Added:
If I put the correct URL address (with user and pwd) in the iFrame src attribute in the HTML side (not dynamically) all works fine :(
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
& 的存在; 实际上那里是正确的。 大多数浏览器都有足够的宽容度,不会因为看到和看到而感到窒息。 在那里,但从技术上讲这是不正确的。
The presense of the & is actually correct there. Most browsers are forgiving enough not to choke on just seeing & there, but it's technically not correct.
“&” 是 HTML 中的特殊字符(更具体地说是 SGML),因此对其进行编码是正确的做法。 是的,即使在链接 URL 中也是如此。
“&” is a special character in HTML (more specifically in SGML), so encoding it is the correct thing to do. Yes, even in link URLs.
HTML 4.01 规范指出:
因此,将
&
编码为&
是正确的行为,因为src
属性值 (CDATA 数据类型)描述为:否则,像
/foo?bar§=123
这样的src
属性值将是不明确的,因为它们可以按字面解释为/foo?bar§=123< /code> 或(替换
sect< /code> 实体
)作为
/foo?bar§=123
。The HTML 4.01 specification states:
So encoding the
&
as&
is correct behavior since the interpretation of thesrc
attribute value (CDATA data type) is described as:Otherwise
src
attribute values like/foo?bar§=123
would be ambiguous as they can be interpreted either literally as/foo?bar§=123
or (replacing thesect
entity) as/foo?bar§=123
.在这种情况下,您可以利用 URL 编码来隐藏 &,绕过 XML 编码。 & 是 U+0025,因此您可以将其编码为 %25:https://www.parurval。 se/urval/?username={0}%25password={1}
This seems like a case where you can take advantage of URL encoding to hide the &, bypassing XML encoding. & is U+0025, so you can encode it as %25: https://www.parurval.se/urval/?username={0}%25password={1}
你应该使用
You should use