response.write 编码错误

发布于 2024-10-14 23:53:43 字数 498 浏览 1 评论 0原文

我的网络应用程序中有一个字符串字符串是这样的：

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

编码后（通过使用 Server.Encode() ）它显示以下内容：

`1234567890-=[]\\ ;&#39;,./\\~!@#$%^&amp;*()_+{}|:&quot;&lt;&gt;?|

这是正确的

但是，当我使用 Response.Write(theSecondExample) 时，结果是这样的

`1234567890-=[]\ ;&#39;,./\~!@#$%^&amp;*()_+{}|:&quot;&lt;&gt;?|

：缺少反斜杠！

怎么输出结果不是我预期的呢？我该如何预防？

原文

I have a string in a web application
The string is like this :

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

after encoding (by using Server.Encode() ) it show the following :

`1234567890-=[]\\ ;',./\\~!@#$%^&*()_+{}|:"<>?|

which is correct

However , when I use Response.Write(theSecondExample) the result is like this :

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

The backslashes are missing!

How can it be that the output is not what I expected? How can I prevent it?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

恬淡成诗 2024-10-21 23:53:43

没有错误 - 您正在调试器中验证字符串，它会自动转义字符串 - 例如 "Hello \ Goodbye" 将在调试器中显示为 "Hello \\ Goodbye".

也就是说，调试器的行为有所不同，具体取决于您查看字符串的方式（当然还有它是否是 C#/VB）：

将鼠标悬停在字符串上（最常见），您将在工具提示中获得转义版本
监视窗口/局部变量等显示转义版本
如果您选择“文本”可视化工具，您将看到未转义的版本 - 这就是您应该执行的操作来实际验证您的字符串。
Html 可视化工具的作用与它在罐头上所说的完全一样:)

更新

好的，我已经更进一步并启动了 VS2010，请创建一个测试项目并按照它进行。

[TestMethod]
public void TestMethod1()
{
  string a = @"`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:""<>?|";
  Console.WriteLine("Original:");
  Console.WriteLine("{0}", a);
  string htmlEncoded = System.Web.HttpUtility.HtmlEncode(a);
  Console.WriteLine("Html Encoded:");
  Console.WriteLine("{0}", htmlEncoded);
}

（显然，我最初使用了逐字字符串，以避免必须转义除双引号之外的任何内容）。

测试的控制台输出为：

Original:
`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|
Html Encoded:
`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

同样，如果您在测试结束时断点并开始使用可视化工具进行处理：

Hover (a)：

"`1234567890-=[]\\ ;',./\\~!@#$%^&*()_+{}|:\"<>?|"

即它是在工具提示中转义的 C# 并用引号括起来。

Hover (htmlEncoded):

"`1234567890-=[]\\ ;',./\\~!@#$%^&*()_+{}|:"<>?|"

.. 再次，它是 html 编码和 C# 用引号转义

Text (htmlEncoded):

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

.. 没有 c# 转义

Html ( htmlEncoded):

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

当然是用 Times New Roman 脚本:)

我相信这会让我们回到原始字符串 - 这也表明您所描述的场景不能情况就是如此 - 除非您将转义字符串视为“正确”，但实际上并非如此。 Html 不需要对 \ 进行转义。

There is no error - you're verifying the string in the debugger, which automatically escapes strings - e.g. "Hello \ Goodbye" will show in the debugger as "Hello \\ Goodbye".

That said, the debugger behaves differently depending on how you view a string (and also whether it's C#/VB of course):

Hover over a string (most common) you'll get the escaped version in a tooltip
Watch window/Locals etc also display escaped version
If you select the 'Text' visualiser you'll see the unescaped version - which is what you should do to actually verify your string.
Html visualiser does exactly what it says on the tin :)

Update

Okay, so I've gone a bit further and fired up VS2010, please create a test project and follow it through.

[TestMethod]
public void TestMethod1()
{
  string a = @"`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:""<>?|";
  Console.WriteLine("Original:");
  Console.WriteLine("{0}", a);
  string htmlEncoded = System.Web.HttpUtility.HtmlEncode(a);
  Console.WriteLine("Html Encoded:");
  Console.WriteLine("{0}", htmlEncoded);
}

(obviously I've used a verbatim string initially to avoid having to escape anything except the double quote).

Console output of the test is:

Original:
`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|
Html Encoded:
`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

Equally if you breakpoint the end of the test and start mucking about with the visualisers:

Hover (a):

"`1234567890-=[]\\ ;',./\\~!@#$%^&*()_+{}|:\"<>?|"

i.e. it's C# escaped in the tooltip and surrounded by quotes.

Hover (htmlEncoded):

"`1234567890-=[]\\ ;',./\\~!@#$%^&*()_+{}|:"<>?|"

.. again, it's html encoded and C# escaped with quotes

Text (htmlEncoded):

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

.. No c# escaping

Html (htmlEncoded):

`1234567890-=[]\ ;',./\~!@#$%^&*()_+{}|:"<>?|

In Times New Roman script of course :)

Which I believe takes us back to the original string - which also shows that the scenario you're describing can't be the case - unless you have read an escaped string as being "correct", when in fact it's not. Html doesn't require \ to be escaped.

回复收藏 0 原文

~没有更多了~