Server.Htmlen code性能与Regex.Replace对与string.replace [英] Server.Htmlencode performance versus Regex.Replace versus String.Replace

问题描述

这是一个ASP.NET应用程序最快？试图赶上调皮XSS / CSRF等等。

Which is fastest in an ASP.NET app? Trying to catch all manners of naughty XSS/CSRF and the like.

Server.HtmlEn code显示之前，与string.replace调用（陆续），或一个复杂的正则表达式后跟一个Regex.Replace？

Server.HtmlEncode before displaying, String.Replace calls (one after another), or a complicated regex followed by a Regex.Replace?

感谢您的任何信息

推荐答案

您将使用Server.HtmlEn code ......这不只是速度，但是的事实是技术是什么。这可能是因为你会在你的.Replace（）来忘记的事。更换（）。更换（这也是慢）。

You would use Server.HtmlEncode... it's not just the "speed", but the fact that that is what the technology is for. It's likely that you're going to forget something in your .Replace().Replace().Replace (which is also slower).

请即Server.HtmlEn code会做一个流穿过你的字符串，而.Replace（）。更换（）。更换（）将进行多次传递做同样的事情。

Keep in mind that "Server.HtmlEncode" will make one streaming pass through your string, whereas .Replace().Replace().Replace() will make multiple passes to do the same thing.

关于正则表达式 - 你将有正则表达式被解析，并在第一时间编译开销

Regarding the Regex - you're going to have the overhead the Regex being parsed and compiled in the first place.

这篇关于Server.Htmlen code性能与Regex.Replace对与string.replace的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！