摘要:
Default.aspxDefault.aspx˂!DOCTYPEhtmlPUBLIC"-//W3C//DTDXHTML1.0Transitional//EN""http://www.w3.o
<%@PageValidateRequest="false"Language="C#"AutoEventWireup="true"CodeFile="Default.aspx.cs"Inherits="test_Default"%><!DOCTYPEhtmlPUBLIC"-//W3C//DTDXHTML1.0Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><htmlxmlns="http://www.w3.org/1999/xhtml"><headrunat="server"><title>asp.net(C#)编码解码(HtmlEncode与HtmlEncode)</title></head><body><formid="form1"runat="server"><div><asp:LabelID="lblShow"runat="server"Text="Label"></asp:Label><asp:TextBoxID="txtInput"runat="server"Height="194px"TextMode="MultiLine"Width="305px"></asp:TextBox><asp:ButtonID="btnOk"runat="server"Text="提交"OnClick="btnOk_Click"/></div></form></body></html>
Default.aspx.csusingSystem;
usingSystem.Data;
usingSystem.Configuration;
usingSystem.Collections;
usingSystem.Web;
usingSystem.Web.Security;
usingSystem.Web.UI;
usingSystem.Web.UI.WebControls;
usingSystem.Web.UI.WebControls.WebParts;
usingSystem.Web.UI.HtmlControls;
/***********************编码研究***********************
*1.默认情况是不允许用户在TextBox中输入html标签的,
*如果需要输入,设置Page的ValidateRequest="false"
*2.可以把输入的html标签,比如<input>直接存放在数据库中,
*只是在输出的时候编码,防止原样输出打乱页面布局.或者呈现html元素.
*****************************************************/publicpartialclasstest_Default:System.Web.UI.Page
{
protectedvoidPage_Load(objectsender,EventArgse)
{
}
protectedvoidbtnOk_Click(objectsender,EventArgse)
{
lblShow.Text=htmlEncode(txtInput.Text);
}
///<summary>///对输入的html编码,同时对回车与空格进行转换
///</summary>///<paramname="str"></param>///<returns></returns>publicstringhtmlEncode(stringstr)
{
returnServer.HtmlEncode(str).Replace("\n","<br/>").Replace("","");
}
}
usingSystem.Data;
usingSystem.Configuration;
usingSystem.Collections;
usingSystem.Web;
usingSystem.Web.Security;
usingSystem.Web.UI;
usingSystem.Web.UI.WebControls;
usingSystem.Web.UI.WebControls.WebParts;
usingSystem.Web.UI.HtmlControls;
/***********************编码研究***********************
*1.默认情况是不允许用户在TextBox中输入html标签的,
*如果需要输入,设置Page的ValidateRequest="false"
*2.可以把输入的html标签,比如<input>直接存放在数据库中,
*只是在输出的时候编码,防止原样输出打乱页面布局.或者呈现html元素.
*****************************************************/publicpartialclasstest_Default:System.Web.UI.Page
{
protectedvoidPage_Load(objectsender,EventArgse)
{
}
protectedvoidbtnOk_Click(objectsender,EventArgse)
{
lblShow.Text=htmlEncode(txtInput.Text);
}
///<summary>///对输入的html编码,同时对回车与空格进行转换
///</summary>///<paramname="str"></param>///<returns></returns>publicstringhtmlEncode(stringstr)
{
returnServer.HtmlEncode(str).Replace("\n","<br/>").Replace("","");
}
}