防止.net 4脚本注入的新代码 [英] New code to prevent script injection for .net 4

问题描述

在谷歌(Scott Gu)的博客中，建议使用新代码来保护Web表单.链接为:
谢谢

In Scott Gu''s blog, new code is recommended to secure web forms. Link is: http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx[^]

I don''t understand how to apply this to my Contact Us form in Visual Studio 2010. Sorry, I''m not knowledgeable on c#, but have a form I downloaded from the internet and want to be sure it is secure.

thanks

推荐答案

如果您不了解C#，那么很显然，您不应该使用将要使用的任何安全形式任何人.但是，本文非常简单.如果您在表单中使用了<％=，则将其替换为<％:(似乎不太可能).

If you don''t know C# then it''s plain you should not be working on any sort of secure form that is going to be used by anyone. However, this article is very straightforward. You replace <%= with <%:, if it''s used in your form ( doesn''t seem likely ).

这篇关于防止.net 4脚本注入的新代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！