是否可以对可能已或尚未干净编码的内容进行 Html 编码?
我正在将 ASP.Net 4.0 与 MVC 2 一起使用。我收到的用户内容可能已经或尚未经过 Html 编码。我读过 http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax- for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx 这很有趣,但我需要的是一种确保内容编码而不需要双重编码的方法。我无法控制输入过程。
例如,
用户输入:
& < < > >
如果编码则输出:
&amp; &lt; < > &gt;
将无法正确显示
如果未编码则输出:
& < < > >
这将无法正确验证
I'm using ASP.Net 4.0 with MVC 2. I'm recieving user content that may or may not be Html Encoded already. I've read http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx which was interesting but what I need is a way to ensure the content is encoded without double encoding. I don't have control of the input process.
E.g.
User Input:
& < < > >
Output if encoded:
& < < > >
Won't display correctly
Output if not encoded:
& < < > >
This won't validate correctly
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以对用户输入进行第一遍解码,然后重新编码结果。
这样,如果输入的某些值已经被编码,它们将被解码,并且您将能够对之后的所有内容进行编码。
->解码输入,你会得到:
->重新编码所有内容,您将得到:
You could make a first pass decoding user input, and then re-encode the result.
This way, if some values of the input are already encoded, they will get decoded, and you'll be able to encode everything after.
-> decode the input and you get:
-> re-encode everything and you get:
如果是我,我会只替换
<和>字符,而其他所有内容都保持不变。If it were me, I'd replace only the
<and>characters, leaving everything else intact.我认为您不会找到一个既适用于编码内容又适用于未编码内容的解决方案 - 我可以看到您可以可靠地执行此操作的唯一方法是指定内容是否已编码。否则,在某些情况下您会遇到问题,例如
您
可以尝试检测是否存在编码内容或 HTML 内容,但我上面的示例表明这并不总是万无一失的。
I don't think you will find a solution which will work automatically both for content that is encoded and not - the only way I can see where you can do this reliably is to specify whether the content has been encoded or not. Otherwise, you will run into problems in certain situations, e.g.
And
You can try detecting whether there is encoded content or HTML content present, but my examples above show that this will not always be infallible.