HTMLEditorExtender 在异步回发上对 img 标签进行编码
我正在使用标准 HTMLEditorExtender 控件(ajax 控件工具包的一部分)。在原始 pageLoad 中,我用 html 填充它(包括 >p<、>br<、>strong< 和 >img< 标签。它在 HTMLEditorExtender 控件中显示良好。 然后,当我执行异步回发(通过 updatepanel)时,所有 >img<标签显示为实际的 html,而不是显示图像。所有其他标签仍然正确显示。
异步回发后 HTMLEditorExtender 控件的标记如下: 在用于保存html编码值的不可见textarea中,所有正确显示的标签都被正常编码(即<和>),但img标签省略了编码值之前的&符号(即lt;和gt;)
更新:如果我将此代码放入 pageLoad 事件中,效果很好,但我担心这会带来什么安全隐患?
if (IsPostBack)
{
txtBookingConfirmation.Text = Server.HtmlDecode(txtBookingConfirmation.Text);
}
谁能告诉我如何防止控件这样做?
提前致谢
I'm using a standard HTMLEditorExtender control (part of the ajax control toolkit). In the original pageLoad I populate it with html (including >p<, >br<, >strong< and >img< tags. It displays fine in the HTMLEditorExtender control.
Then, when I do a async postback (through an updatepanel), all the >img< tags display as the actual html instead of displaying the image. All the other tags are still displaying correctly.
The markup of the HTMLEditorExtender control is as follows after the async postback:
In the invisible textarea used to keep the encoded value of the html, all the tags displaying correctly are encoded normally (i.e. < and >), but the img tags omit the ampersand before the encoded value (i.e. lt; and gt;)
UPDATE: it works fine if I put this code in my pageLoad event, but I'm wary of what security implications this has?
if (IsPostBack)
{
txtBookingConfirmation.Text = Server.HtmlDecode(txtBookingConfirmation.Text);
}
Can anyone please tell me how to prevent the control from doing this?
Thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这似乎是唯一的解决方案,并且还没有出现任何问题。
This seems to be the only solution and has not given any problems yet.
我也有同样的问题。每当我单击回发到页面的按钮时,HTMLEditorExtender 都会将文本框的内容更改为显示 HTML 标记的位置。看起来它正在替换所有的“&”与“&”。因此,例如,所有的“<”文本中的值正在更改为“<”。 “>”也会发生这种情况。我刚刚升级到2012年5月1日发布的AJAX工具包。不确定那是什么版本。
我必须在“&”中添加一个空格等等,因为他们在我的帖子上进行了渲染。当你看到这个的时候,把空格去掉就可以了。
I am having this same issue. Whenever I click a button that posts back to the page, the HTMLEditorExtender changes the contents of the textbox to where the HTML markup is showing. It looks like it is replacing all of the "&" with "& amp;". So, for instance, all of the "& lt;" values in the text are getting changes to "& amp;lt;". This is happening with the "& gt" too. I just upgraded to the AJAX toolkit that was released on 5/1/2012. Not sure what version that is.
I had to put a space in "& amp;" and the like since they were rendering on my post. Just take the space out when you look at this.