如何让HTML编码在我的ASPX页面中运行?

时间:2013-05-21 13:15:39

标签: c# asp.net visual-studio-2012

我在asp Gridvidiew中有以下代码:

<asp:HyperLink ID="hlPSTNNum"  CssClass="OrdRef" Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'  runat="server" ToolTip='please click here to view the full record details'
NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&amp;display1=IS%20Number&amp;display2=Supplier&amp;display3=Product&amp;display4=Supplier%20Order%20Number&amp;order1=order%20date&amp;pstnnum=" + Eval("PSTNNum")%>' />

我认为Visual Studio 2012正在查询查询字符串部分中的分号(来自“pstnnum =”+ Eval(“PSTNNum”)%&gt;'/&gt;“并且我试图用\来逃避它们)保持VS快乐,但浏览器在每次逃脱时留下一个斜杠。

不确定这里的最佳做法,因为我还在削减我的编码牙齿......

2 个答案:

答案 0 :(得分:0)

我认为更合适的方法是这样的:

<asp:HyperLink ID="hlPSTNNum"
    CssClass="OrdRef"
    Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
    runat="server"
    ToolTip='please click here to view the full record details'
    NavigateUrl='<%#Server.HtmlEncode("https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum"))%>' />

请注意Server.HtmlEncode的使用,然后使用您想要的实际值而不是直接编码的值。这将使在Visual Studio中构建变得容易,但确保在呈现时对其进行编码。

修改

经过对微软代码的更多研究后,我发现RenderContents类的基本HyperLink方法将为您编码。该方法在内部调用另一个名为ResolveClientUrl的方法,如下所示:

public string ResolveClientUrl(string relativeUrl)
{
    if (this.DesignMode && this.Page != null && this.Page.Site != null)
    {
        IUrlResolutionService urlResolutionService = (IUrlResolutionService)this.Page.Site.GetService(typeof(IUrlResolutionService));
        if (urlResolutionService != null)
        {
            return urlResolutionService.ResolveClientUrl(relativeUrl);
        }
    }
    if (relativeUrl == null)
    {
        throw new ArgumentNullException("relativeUrl");
    }
    string virtualPathString = VirtualPath.GetVirtualPathString(this.TemplateControlVirtualDirectory);
    if (string.IsNullOrEmpty(virtualPathString))
    {
        return relativeUrl;
    }
    string text = this.Context.Request.ClientBaseDir.VirtualPathString;
    if (!UrlPath.IsAppRelativePath(relativeUrl))
    {
        if (StringUtil.EqualsIgnoreCase(text, virtualPathString))
        {
            return relativeUrl;
        }
        if (relativeUrl.Length == 0 || !UrlPath.IsRelativeUrl(relativeUrl))
        {
            return relativeUrl;
        }
    }
    string to = UrlPath.Combine(virtualPathString, relativeUrl);
    text = UrlPath.AppendSlashToPathIfNeeded(text);
    return HttpUtility.UrlPathEncode(UrlPath.MakeRelative(text, to));
}

由于您的URL不是相对的,因此它应该一直到最后一行return语句,所以老实说,您根本不需要编码它。这会将您的代码更改为:

<asp:HyperLink ID="hlPSTNNum"
    CssClass="OrdRef"
    Text='<%# DataBinder.Eval(Container.DataItem, "PSTNNum")%>'
    runat="server"
    ToolTip='please click here to view the full record details'
    NavigateUrl='<%#"https://THE URL IS HERE Searches/advancedsearchresults.asp?supplierid=" + Eval("Supplierid") + "&display1=IS Number&display2=Supplier&display3=Product&display4=Supplier Order Number&order1=order date&pstnnum=" + Eval("PSTNNum")%>' />

答案 1 :(得分:0)

不是100%确定这是否有效,但asp.net 4.5有&lt;%#:自动编码。您可以尝试并查看它是否有效,只需将&lt;%#更改为&lt;%#:

即可
相关问题
最新问题