如何让HTML编码在ASPX页面中工作?

本文关键字:工作 ASPX HTML 编码 | 更新日期: 2023-09-27 18:14:44

我有以下代码在一个asp gridview:

<asp:HyperLink ID="hlPSTNNum"  CssClass="OrdRef" Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'  runat="server" ToolTip='please click here to view the full record details'
NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&amp;display1=IS%20Number&amp;display2=Supplier&amp;display3=Product&amp;display4=Supplier%20Order%20Number&amp;order1=order%20date&amp;pstnnum=" + Eval("PSTNNum")%>' />

我认为Visual Studio 2012正在播放关于查询字符串部分的分号(从"pstnnum="+ Eval("pstnnum")%>'/>",我试图用'(这使VS快乐)来逃避它们,但浏览器在每个escape中留下一个斜杠。

不确定这里的最佳实践,因为我仍然在磨练我的编码经验…

如何让HTML编码在ASPX页面中工作?

我认为更合适的方法是这样的:

<asp:HyperLink ID="hlPSTNNum"
    CssClass="OrdRef"
    Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
    runat="server"
    ToolTip='please click here to view the full record details'
    NavigateUrl='<%#Server.HtmlEncode("https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum"))%>' />

注意使用Server.HtmlEncode,然后使用您想要的实际值,而不是直接编码的值。这将使在Visual Studio中构建更容易,但要确保它在渲染时被编码。

<标题>编辑

在对微软的代码进行了更多的研究之后,我发现HyperLink类的基本RenderContents方法将为您编码此内容。该方法在内部调用另一个名为ResolveClientUrl的方法,它看起来像这样:

public string ResolveClientUrl(string relativeUrl)
{
    if (this.DesignMode && this.Page != null && this.Page.Site != null)
    {
        IUrlResolutionService urlResolutionService = (IUrlResolutionService)this.Page.Site.GetService(typeof(IUrlResolutionService));
        if (urlResolutionService != null)
        {
            return urlResolutionService.ResolveClientUrl(relativeUrl);
        }
    }
    if (relativeUrl == null)
    {
        throw new ArgumentNullException("relativeUrl");
    }
    string virtualPathString = VirtualPath.GetVirtualPathString(this.TemplateControlVirtualDirectory);
    if (string.IsNullOrEmpty(virtualPathString))
    {
        return relativeUrl;
    }
    string text = this.Context.Request.ClientBaseDir.VirtualPathString;
    if (!UrlPath.IsAppRelativePath(relativeUrl))
    {
        if (StringUtil.EqualsIgnoreCase(text, virtualPathString))
        {
            return relativeUrl;
        }
        if (relativeUrl.Length == 0 || !UrlPath.IsRelativeUrl(relativeUrl))
        {
            return relativeUrl;
        }
    }
    string to = UrlPath.Combine(virtualPathString, relativeUrl);
    text = UrlPath.AppendSlashToPathIfNeeded(text);
    return HttpUtility.UrlPathEncode(UrlPath.MakeRelative(text, to));
}

因为你的URL不是相对的,它应该落在最后一行,return语句,所以老实说,你不应该编码它。这会将您的代码更改为:

<asp:HyperLink ID="hlPSTNNum"
    CssClass="OrdRef"
    Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
    runat="server"
    ToolTip='please click here to view the full record details'
    NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum")%>' />

不能100%确定这是否会工作,但是asp.net 4.5有<%#:自动编码。你可以试试,看看效果如何,把<%#改成<%#:

相关文章: