如何处理TextBox中的Html输入 [英] How to handle Html inputs in the TextBox

问题描述

我有一个要求，用户可以在ASP.NET TextBox中输入HTML标签。文本框的值将被保存在数据库中，然后我们需要在其他页面上显示他输入的
。为此，我在Page指令中设置了 ValidateRequest =false。
现在问题是，当用户输入如下所示：

 < script> window.location ='http://www.xyz.com'; < /脚本> 
  

现在它的值保存在数据库中，但是当我在其他页面显示其值时，它重定向我到http://www.xyz.com这是明显的
作为javascript捕捉它。但我需要找到一个解决方案，因为我需要准确显示他输入的内容。
我在考虑Server.HtmlEncode。你能指导我为我的要求提供一个方向吗？解决方案总是始终对用户的输入进行编码，然后才能坚持下去在你的数据库中。你可以通过执行

  Server.HtmlEncode（userinput）
  pre> 
 
 
现在，当显示内容给用户时，解码用户输入并将其显示在屏幕上： 
 
 
  Server.HtmlDecode（userinput）
  
 
I have a requirement that user can input HTML tags in the ASP.NET TextBox. The value of the textbox will be saved in the database and then we need to show it 
on some other page what he had entered. SO to do so I set the ValidateRequest="false" on the Page directive.
Now the problem is that when user input somthing like :
<script> window.location = 'http://www.xyz.com'; </script>
Now its values saved in the database, but when I am showing its value in some other page It redirects me to "http://www.xyz.com" which is obvious 
as the javascript catches it. But I need to find a solution as I need to show exactly what he had entered.
I am thinking of Server.HtmlEncode. Can you guide me to a direction for my requirement
解决方案
Always always always encode the input from the user and then and only then persist in your database. You can achieve this easily by doing 
Server.HtmlEncode(userinput) 
Now, when it come time to display the content to the user decode the user input and put it on the screen: 
Server.HtmlDecode(userinput)


                        
这篇关于如何处理TextBox中的Html输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！