HttpUtility.HtmlEncode验证用户条目 [英] HttpUtility.HtmlEncode to validate user entries

问题描述

在将数据存储到数据库之前，我正在尝试验证网页上的用户输入（自由文本）。该网站是使用非常规的asp.net编写的，因为它是从经典的asp升级而来的。

I am trying to validate user inputs (free text) on a web page before the data is stored in the database. The site's written using unconvensional asp.net, as it was largely upgraded from classic asp.

我想确保/或防止用户输入带有无效字符的文本值这样的HTML。此刻，如果提交了页面，则会崩溃。

I want to make sure / or protect users from entering text values along with invalid characters such html. At the moment, if the page is submitted it crashes.

我应该使用HttpUtility.HtmlEncode来更正每个文本框条目吗？听起来可行吗？

Should I use the HttpUtility.HtmlEncode to correct each text box entry? Does this sound feasible?

预先感谢。

推荐答案

是

从安全角度来看，您可以做的最重要的一件事情就是确保正确编码所有类型的数据。

One of the most important things you can do from a security perspective is to ensure you're encoding all types of data appropriately.

存储存储在Web表单中的HTML 时，您不再希望将其解释为HTML 。 HttpUtility.HtmlEncode 确保会发生这种情况，所以可以您需要使用它。

When you're storing HTML that has been put into a web form you no longer want it to be interpreted as HTML. HttpUtility.HtmlEncode ensures this happens, so yes you need to use it.

这篇关于HttpUtility.HtmlEncode验证用户条目的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！