HttpUtility.HtmlEncode验证用户条目 [英] HttpUtility.HtmlEncode to validate user entries
问题描述
在将数据存储到数据库之前,我正在尝试验证网页上的用户输入(自由文本)。该网站是使用非常规的asp.net编写的,因为它是从经典的asp升级而来的。
I am trying to validate user inputs (free text) on a web page before the data is stored in the database. The site's written using unconvensional asp.net, as it was largely upgraded from classic asp.
我想确保/或防止用户输入带有无效字符的文本值这样的HTML。此刻,如果提交了页面,则会崩溃。
I want to make sure / or protect users from entering text values along with invalid characters such html. At the moment, if the page is submitted it crashes.
我应该使用HttpUtility.HtmlEncode来更正每个文本框条目吗?听起来可行吗?
Should I use the HttpUtility.HtmlEncode to correct each text box entry? Does this sound feasible?
预先感谢。
推荐答案
是
从安全角度来看,您可以做的最重要的一件事情就是确保正确编码所有类型的数据。
One of the most important things you can do from a security perspective is to ensure you're encoding all types of data appropriately.
存储存储在Web表单中的HTML 时,您不再希望将其解释为HTML 。 HttpUtility.HtmlEncode 确保会发生这种情况,所以可以您需要使用它。
When you're storing HTML that has been put into a web form you no longer want it to be interpreted as HTML. HttpUtility.HtmlEncode ensures this happens, so yes you need to use it.
这篇关于HttpUtility.HtmlEncode验证用户条目的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!