How to write httpRuntime in asp.net web.config for the 3.5 framework
This attribute is new in .NET Framework version 4.0. I have a web.config file in my solution that targets version 4.0 of the .NET Framework:
<system.web>
  <httpRuntime encoderType="Web.AntiXss.AntiXssEncoder, Web.AntiXss"/>
</system.web>
This works fine, but if I change the version to 3.5, I get this error:
Unrecognized attribute 'encoderType'. Note that attribute names are case-sensitive.
The encoderType attribute exists only in version 4.0. How can I rewrite this for 3.5?
Edit
Or how can I use the Microsoft AntiXss library in a .NET 3.5 project?
I used this article for .NET 4.0:
http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx
Comments (2)
This is only for .NET 4.
You must understand that this is an internal change to a function that is called from the core of .NET 4. This function does not exist in .NET 3.5 and lower, so it is not a matter of how they write it; it just does not exist.
Reference:
http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx
Some more information
This parameter is actually an option to replace the class System.Web.Util.HttpEncoder, which also exists in .NET 3.5, but without the option to replace it in the core.
System.Web.Util.HttpEncoder is already very powerful, and .NET 4 actually adds some more features. By replacing it with the AntiXssEncoder maybe you get some more control, but if not, then it is not the end of the world (by HG Wells). Also, I checked whether it is possible to replace this call with some code, and it seems to me not possible, because it is called at too many points: for example, on all control attributes, on URL calls, and on HTML rendering. It is so native inside .NET 4 that it is not worth writing so much code to change the HttpEncoder to the AntiXssEncoder.
Maybe you need to focus on the page code that you may fear is open to attack, and be sure to handle the input data correctly.
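Added example, not part of either answer or of the AntiXSS project's own code: with no encoderType hook in 3.5, the AntiXSS encoders can be called explicitly at each output point, choosing the encoder by output context. It assumes a build of the AntiXSS 4.x library (AntiXssLibrary.dll) that targets .NET 3.5 is referenced; the page class and control names are hypothetical.

```csharp
// Added example: code-behind for an ASP.NET 3.5 Web Forms page (C# 3.0).
// Assumption: AntiXssLibrary.dll (AntiXSS 4.x, .NET 3.5 build) is referenced.
// Profile, Greeting (Label), ProfileLink (HyperLink) and SearchBox (TextBox)
// are hypothetical names; the controls are declared in the matching .aspx markup.
using System;
using System.Web.UI;
using Microsoft.Security.Application;

public partial class Profile : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Untrusted input: never written to the response without encoding.
        string name = Request.QueryString["name"] ?? string.Empty;

        // HTML body context: Label.Text is emitted as-is, so encode it here.
        Greeting.Text = "Hello, " + Encoder.HtmlEncode(name);

        // URL context: encode the value as a query-string component.
        ProfileLink.NavigateUrl = "~/user.aspx?name=" + Encoder.UrlEncode(name);
        ProfileLink.Text = Encoder.HtmlEncode(name);

        // TextBox.Text is attribute-encoded by the control when it renders;
        // encoding it again here would show entities to the user.
        SearchBox.Text = name;
    }

    // Helpers for inline markup in 3.5, where <%: %> is not available:
    //   <span title="<%= A(userValue) %>"><%= H(userValue) %></span>
    protected static string H(string value)
    {
        return Encoder.HtmlEncode(value);
    }

    protected static string A(string value)
    {
        return Encoder.HtmlAttributeEncode(value);
    }
}
```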
If you are using a version of .NET earlier than 4.5, you will need to download and include the library as a reference to your project, and then use the earlier library name for the encoderType setting as shown below.