使用编码字符代替正确的字符

发布于 2024-07-11 12:20:39 字数 1550 浏览 7 评论 0原文

我有一个小问题,希望你能帮我解决这个恼人的问题。

我需要在管理面板中使用 iFrame 来让用户使用选择服务,并且在 HTML 中我有:

<iframe scrolling="yes" runat="server" title="Par Selection" id="iFrame"
    frameborder="0" enableviewstate="true" width="100%" height="490" />

在我的代码隐藏文件中我有:

iFrame.Attributes.Add("src", String.Format(
            "https://www.parurval.se/urval/?username={0}&password={1}",
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));

输出是这样的:

<iframe id="tcMain_tabPARSelection_iFrame" scrolling="yes" title="Par Selection" 
   frameborder="0" width="100%" height="490" 
   src="https://www.parurval.se/urval/?username=myUsername&amp;password=myPassword">
</iframe>

注意 <在传递用户名和密码时,使用 & 代替 & 登录 src 地址

如何防止这种情况发生?

我尝试使用 HttpUtility.Decode( myCompleteUrl ) 但取得了相同的成就:(

最糟糕的是,如果 src 代码只有地址,

... src="https://www.parurval.se/urval/" ...

我将无法输入用户/密码,我明白了表单,我可以输入文本,但它什么也不做,它只刷新 iframe 内页,在完整窗口中执行此操作,效果很好,

在该管理面板中,我有一个文本框,供用户按顺序添加用户名和密码。进入管理页面,我将直接跳转到 iFrame 中的服务,这样用户就不需要每次都输入用户/密码来登录,这就是我尝试动态添加这些值的方法

<

strong 。 >添加: 如果我将正确的 URL 地址(包含用户和密码)放入 HTML 端的 iFrame src 属性中(不是动态的),一切都会正常工作:(

I have a little problem and I'm hopping that you can help me solve this annoying issue.

I need to use an iFrame in an administration panel to let users use the selection service, and in the HTML I have:

<iframe scrolling="yes" runat="server" title="Par Selection" id="iFrame"
    frameborder="0" enableviewstate="true" width="100%" height="490" />

in my code-behind file I have:

iFrame.Attributes.Add("src", String.Format(
            "https://www.parurval.se/urval/?username={0}&password={1}",
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));

The output is this:

<iframe id="tcMain_tabPARSelection_iFrame" scrolling="yes" title="Par Selection" 
   frameborder="0" width="100%" height="490" 
   src="https://www.parurval.se/urval/?username=myUsername&password=myPassword">
</iframe>

Please note the & instead & sign in the src address when passing username and password

How can I prevent this?

I tried with HttpUtility.Decode( myCompleteUrl ) but with the same achievement :(

The worst thing is, if the src code has only the address

... src="https://www.parurval.se/urval/" ...

I'm not able to input the user/pwd, I see the form and I can enter text, but it does nothing, it only refreshes the iframe inner page, doing this in a full window, works fine.

And in that administration panel I have a textbox to the user add the username and password in order that entering the Administration page, I will jump directly to the service in the iFrame so the user does not need to enter user/pwd to login every time, that is way I'm trying to add those values dynamically.

Any ideas?

Added:
If I put the correct URL address (with user and pwd) in the iFrame src attribute in the HTML side (not dynamically) all works fine :(

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

星光不落少年眉 2024-07-18 12:20:39

& 的存在; 实际上那里是正确的。 大多数浏览器都有足够的宽容度,不会因为看到和看到而感到窒息。 在那里,但从技术上讲这是不正确的。

The presense of the & is actually correct there. Most browsers are forgiving enough not to choke on just seeing & there, but it's technically not correct.

所谓喜欢 2024-07-18 12:20:39

“&” 是 HTML 中的特殊字符(更具体地说是 SGML),因此对其进行编码是正确的做法。 是的,即使在链接 URL 中也是如此。

“&” is a special character in HTML (more specifically in SGML), so encoding it is the correct thing to do. Yes, even in link URLs.

紫罗兰の梦幻 2024-07-18 12:20:39

HTML 4.01 规范指出:

作者应使用“&” (ASCII 十进制 38)代替“&” 以避免与字符引用的开头(实体引用开放分隔符)混淆。 作者还应该使用“&” 在属性值中,因为 CDATA 中允许字符引用属性值。

因此,将 & 编码为 & 是正确的行为,因为 src 属性值 (CDATA 数据类型)描述为:

CDATA 是文档字符集中的字符序列,可能包括字符实体。 用户代理应按如下方式解释属性值:

  • 用字符替换字符实体,
  • 忽略换行,
  • 将每个回车符或制表符替换为一个空格。

否则,像 /foo?bar§=123 这样的 src 属性值将是不明确的,因为它们可以按字面解释为 /foo?bar§=123< /code> 或(替换 sect< /code> 实体)作为 /foo?bar§=123

The HTML 4.01 specification states:

Authors should use "&" (ASCII decimal 38) instead of "&" to avoid confusion with the beginning of a character reference (entity reference open delimiter). Authors should also use "&" in attribute values since character references are allowed within CDATA attribute values.

So encoding the & as & is correct behavior since the interpretation of the src attribute value (CDATA data type) is described as:

CDATA is a sequence of characters from the document character set and may include character entities. User agents should interpret attribute values as follows:

  • Replace character entities with characters,
  • Ignore line feeds,
  • Replace each carriage return or tab with a single space.

Otherwise src attribute values like /foo?bar§=123 would be ambiguous as they can be interpreted either literally as /foo?bar§=123 or (replacing the sect entity) as /foo?bar§=123.

她说她爱他 2024-07-18 12:20:39

在这种情况下,您可以利用 URL 编码来隐藏 &,绕过 XML 编码。 & 是 U+0025,因此您可以将其编码为 %25:https://www.parurval。 se/urval/?username={0}%25password={1}

This seems like a case where you can take advantage of URL encoding to hide the &, bypassing XML encoding. & is U+0025, so you can encode it as %25: https://www.parurval.se/urval/?username={0}%25password={1}

江南月 2024-07-18 12:20:39

你应该使用

     HttpUtility.HtmlEncode(String.Format("https://www.parurval.se/urval/?username={0}&password={1}",            
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),            
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));

You should use

     HttpUtility.HtmlEncode(String.Format("https://www.parurval.se/urval/?username={0}&password={1}",            
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),            
parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文