服务器端包含的问题
我非常想在我正在处理的项目中使用服务器端包含,因为我只有一些重复的 HTML,并且需要将其放在多个页面上。 必须我使用ascx或其他一些包含技术...我的意思是,如果我使用服务器端包含,会发生闪电吗?
我的客户端——中间人——说“做最简单的事情,无论如何,这可能很快就会在 CMS 中重做。”我可以不使用服务器端包含吗?
这是 ASP.NET 2.0。
注意:我觉得以前有人问过这个问题,但我找不到。如果有请告诉我,我会亲自删除,谢谢!
编辑:如果您有建议,任何在一条线上获得包含内容的方法对我来说都很好。
编辑:为什么我喜欢包含内容?
包含代码:
!--#include file="inc_footer.aspx"-->
与控件相同的代码。首先你需要其中一个
<%@ Register TagPrefix="a" TagName="HeyFooter" Src="inc_footer.ascx" %>
,然后你可以像这样使用它,
<a:HeyFooter runat="server" />
这对于我的需要来说有点长。
注意 include 的两个安全问题:1) 不要使用 .inc 扩展名,因为它可以被浏览。 2)不要包含基于用户变量的文件名,正如最佳答案所指出的那样。
I desperately want to use server-side includes in a project I'm working on because I just have some HTML that repeats and I need to get it on several pages. Must I use ascx or some other include technology... I mean, will lightning strike if I use server-side includes?
My client -- the middle-person -- says "do what's easiest, this will probably be redone in a CMS soon anyway." Can I not use server-side includes?
It's ASP.NET 2.0.
Note: I feel this has been asked before, but I couldn't find it. If it has, please let me know and I will personally delete it, thanks!
Edit: Any way to get an include ON ONE LINE would be fine with me, if you have suggestions.
Edit: Why do I like includes?
Include code:
!--#include file="inc_footer.aspx"-->
the same code for a control. First you need one of these
<%@ Register TagPrefix="a" TagName="HeyFooter" Src="inc_footer.ascx" %>
and then you can use it like this
<a:HeyFooter runat="server" />
this is kind of long for what I need.
Note Two security concerns with includes: 1) don't use the .inc extension, since it can be browsed. 2) do not include filenames based on user variables, as the best answer points o ut.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果您通过字符串变量包含文件:
,那么根据该变量的填充方式,黑客可能会进行攻击来包含他自己的文件并在您的计算机上运行任意代码。但只要您使用字符串文字,就不会遇到这个问题。我会在 ASP.NET 中使用 母版页。这是拥有页面公共区域的公认方式。
您将像创建常规页面一样创建母版页,然后对其他每个页面的修改将是最少的。在每个页面文件的顶部添加一行,然后指定使用的部分。
If you include a file via a string variable:
<!--#include file=some_variable -->, then depending on how that variable is filled there are possible attacks a hacker could do to include his own files and run arbitrary code on your machine. But as long as you use a string literal, you won't run into this problem.I would use Master Pages in ASP.NET. This is the accepted way to have common areas of a page.
You would create a Master Page similarly as you would regular pages, then modification of each of the other pages would be minimal. Add a single line to the top of each page file, then specify the sections used.
不,如果您想保持简单,您绝对不需要使用花哨的 .NET Web 表单方法来执行此操作。只需将其放在您想要插入的位置即可:
html 将显示在那里。我给出了另一个目录的上下路径。这是“最简单”的,而且还具有非常直接的优点。请注意,这不会显示在您的视觉设计器中。 (反正我从来不使用它。)
No, you most definitely do not need to use fancy .NET web form ways of doing this, if you want to keep it simple. Just put this at the points where you want it inserted:
The html will show up there. I gave a path one up and down another directory. This is "easiest", but also has the virtue of being very straightforward. Note that this won't show up in your visual designer. (I never use it anyway.)
我仍然偶尔使用包含来达到您所描述的目的。
您实际上不需要注册用户控件,因为它只是普通的 html。而且您不需要母版页,因为它实际上只是需要位于几个选定页面上的一段 html。
因此,我从帮助文本文件的术语表中得到了这样的包含内容:
在我看来,使用旧式包含文件来实现此目的并没有什么问题。
I still use includes every once in awhile for exactly the purpose you describe.
You don't really need to register a user control because it's just plain html anyway. And you don't want a master page because it's really just a snippet of html that needs to be on a few select pages.
So I've got includes like this from a glossary of help text files:
In my opinion there's nothing wrong with using old school include files for this purpose.