ASP.NET MVC Textarea HTML 帮助器在使用 AntiXssLibrary 时添加行
我注意到 ASP.NET MVC 的 TextAreaFor HTML 帮助程序中有一个最烦人的(可能的)错误。由于某种原因,HTML 帮助程序会在文本区域中的任何内容之前添加换行符。显然,这是为了解决个人内容故意以新行开头而浏览器根据规范忽略它的可能问题。
然而,通过添加它,我得到了一个更烦人的错误,现在在我的所有文本区域中,在表单加载的任何内容之前自动有一个额外的行(即,这显示在我的字段中的任何内容之前: )。看起来有些东西在吐出之前正在对“换行符”进行编码。
有人有解决方法吗?我希望它的预期行为是打印出来
<textarea>
Stuff</textarea>
而不是
<textarea> Stuff</textarea>
我得到的...
编辑 经过进一步检查,这似乎是由于我使用 AntiXssLibrary 进行编码而不是默认的 HtmlEncoder。我使用的是 4.0 版本,我的编码器类方法如下所示:
protected override void HtmlEncode(string value, TextWriter output)
{
output.Write(Microsoft.Security.Application.Encoder.HtmlEncode(value));
}
所以我的想法是,由于从 TextAreaHelper 调用的 TagBuilder 类,HTML 对标签的内容进行编码,因此它假设默认 HTML 编码器的行为,但是 AntiXssLibrary 更彻底,因此您看到了这种行为吗?
I've noticed a most annoying (possible) bug in ASP.NET MVC's TextAreaFor HTML helper. For some reason, the HTML helper adds a NewLine before any content in the textarea. Apparently, this is to combat the possible issue of an individual's content beginning with a new line on purpose, and the browser ignoring it as per spec.
However, by adding it, I get the MUCH more annoying bug that now in all of my textareas automatically have an extra line before any content on form load (i.e. this shows up before any content in my field: ). It would appear that something is encoding the "newline" before spitting it out.
Anyone have a workaround for this? I'd expect that the intended behavior is for it to print out
<textarea>
Stuff</textarea>
not the
<textarea>
Stuff</textarea>
I'm getting...
Edit
Upon further inspection, it appears this is due to my using the AntiXssLibrary for encoding instead of the default HtmlEncoder. I am using version 4.0, and my encoder class method looks like this:
protected override void HtmlEncode(string value, TextWriter output)
{
output.Write(Microsoft.Security.Application.Encoder.HtmlEncode(value));
}
So my THOUGHT is that since the TagBuilder class, which is called from the TextAreaHelper, HTML encodes the contents of the tag, it is ASSUMING the behavior of the default HTML encoder, but the AntiXssLibrary is more thorough, and thus you see this behavior?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过一些代码挖掘后,我发现我的想法是正确的。 MVC3 TextArea HTML Helper 使用 TagBuilder 类,并执行以下操作:
当 SetInnerText 对传递给它的参数内容调用 HttpUtility.Encode 时,这会导致不仅在实际 VALUE 上调用默认编码器,而且在此环境上调用默认编码器.NewLine 也是如此,这意味着如果您不使用默认的 HtmlEncoder(例如 AntiXssLibrary),可能会出现一些意外的行为,如下所示。
修复方法是让他们拨打:
我已经提交了错误报告。
与此同时,我正在实施 Javascript onLoad 修复,以从所有文本区域中删除有问题的编码:
After doing some code digging, I've found that my thought is correct. The MVC3 TextArea HTML Helper uses the TagBuilder class, and does the following:
As SetInnerText calls HttpUtility.Encode on the contents of the argument passed to it, this results in the default encoder being called not just on the actual VALUE, but on this Environment.NewLine as well, meaning that if you aren't using the default HtmlEncoder (like the AntiXssLibrary instead), there could be some unexpected behavior, like this.
The fix would be for them to instead call:
I have submitted a bug report.
In the mean time, I am implementing a Javascript onLoad fix to remove the offending encoding from all textareas: