如何让HTML编码在ASPX页面中工作?
本文关键字:工作 ASPX HTML 编码 | 更新日期: 2023-09-27 18:14:44
我有以下代码在一个asp gridview:
<asp:HyperLink ID="hlPSTNNum" CssClass="OrdRef" Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>' runat="server" ToolTip='please click here to view the full record details'
NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS%20Number&display2=Supplier&display3=Product&display4=Supplier%20Order%20Number&order1=order%20date&pstnnum=" + Eval("PSTNNum")%>' />
我认为Visual Studio 2012正在播放关于查询字符串部分的分号(从"pstnnum="+ Eval("pstnnum")%>'/>",我试图用'(这使VS快乐)来逃避它们,但浏览器在每个escape中留下一个斜杠。
不确定这里的最佳实践,因为我仍然在磨练我的编码经验…
我认为更合适的方法是这样的:
<asp:HyperLink ID="hlPSTNNum"
CssClass="OrdRef"
Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
runat="server"
ToolTip='please click here to view the full record details'
NavigateUrl='<%#Server.HtmlEncode("https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum"))%>' />
注意使用Server.HtmlEncode
,然后使用您想要的实际值,而不是直接编码的值。这将使在Visual Studio中构建更容易,但要确保它在渲染时被编码。
在对微软的代码进行了更多的研究之后,我发现HyperLink
类的基本RenderContents
方法将为您编码此内容。该方法在内部调用另一个名为ResolveClientUrl
的方法,它看起来像这样:
public string ResolveClientUrl(string relativeUrl)
{
if (this.DesignMode && this.Page != null && this.Page.Site != null)
{
IUrlResolutionService urlResolutionService = (IUrlResolutionService)this.Page.Site.GetService(typeof(IUrlResolutionService));
if (urlResolutionService != null)
{
return urlResolutionService.ResolveClientUrl(relativeUrl);
}
}
if (relativeUrl == null)
{
throw new ArgumentNullException("relativeUrl");
}
string virtualPathString = VirtualPath.GetVirtualPathString(this.TemplateControlVirtualDirectory);
if (string.IsNullOrEmpty(virtualPathString))
{
return relativeUrl;
}
string text = this.Context.Request.ClientBaseDir.VirtualPathString;
if (!UrlPath.IsAppRelativePath(relativeUrl))
{
if (StringUtil.EqualsIgnoreCase(text, virtualPathString))
{
return relativeUrl;
}
if (relativeUrl.Length == 0 || !UrlPath.IsRelativeUrl(relativeUrl))
{
return relativeUrl;
}
}
string to = UrlPath.Combine(virtualPathString, relativeUrl);
text = UrlPath.AppendSlashToPathIfNeeded(text);
return HttpUtility.UrlPathEncode(UrlPath.MakeRelative(text, to));
}
因为你的URL不是相对的,它应该落在最后一行,return
语句,所以老实说,你不应该编码它。这会将您的代码更改为:
<asp:HyperLink ID="hlPSTNNum"
CssClass="OrdRef"
Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
runat="server"
ToolTip='please click here to view the full record details'
NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum")%>' />
标题>不能100%确定这是否会工作,但是asp.net 4.5有<%#:自动编码。你可以试试,看看效果如何,把<%#改成<%#: