Html.Encode 重要性
我正在学习 NerdDinner MVC 教程,并遇到了这个问题并且对此感到好奇。
在 pdf 的第 62 页上,他们有以下内容:
<asp:Content ID="Main" ContentPlaceHolderID="MainContent" runat="server">
<h2>Upcoming Dinners</h2>
<ul>
<% foreach (var dinner in Model) { %>
<li>
<a href="/Dinners/Details/<%=dinner.DinnerID %>">
<%= Html.Encode(dinner.Title) %>
</a>
on
<%= Html.Encode(dinner.EventDate.ToShortDateString())%>
@
<%= Html.Encode(dinner.EventDate.ToShortTimeString())%>
</li>
<% } %>
</ul>
</asp:Content>
然后他们声明,您可以使用 Html 帮助程序,而不是使用 标签,如下所示:
<%= Html.ActionLink(dinner.Title, "Details", new { id=dinner.DinnerID }) %>
问题是:它不是仍然吗使用这种方法时,对 Html.Encode thedinner.Title 从模型中编码很重要吗?如果没有,为什么不呢?如果是这样,有没有办法使用 Html.ActionLink 并仍然使用 Html.Encode?
I'm working through the NerdDinner MVC tutorial and came across this and was wondering about.
On page 62 of the pdf they have the following:
<asp:Content ID="Main" ContentPlaceHolderID="MainContent" runat="server">
<h2>Upcoming Dinners</h2>
<ul>
<% foreach (var dinner in Model) { %>
<li>
<a href="/Dinners/Details/<%=dinner.DinnerID %>">
<%= Html.Encode(dinner.Title) %>
</a>
on
<%= Html.Encode(dinner.EventDate.ToShortDateString())%>
@
<%= Html.Encode(dinner.EventDate.ToShortTimeString())%>
</li>
<% } %>
</ul>
</asp:Content>
They then state that instead of using an <a>
tag that you can use the Html helper like so:
<%= Html.ActionLink(dinner.Title, "Details", new { id=dinner.DinnerID }) %>
The question is: Isn't it still important to Html.Encode the dinner.Title from the Model when using this approach? If not, why not? If so, is there a way to use the Html.ActionLink and still use Html.Encode?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Html.ActionLink
已在内部调用Encode
(请参阅源代码)。你不想做两次。Html.ActionLink
already callsEncode
, internally (see the source). You don't want to do it twice.