Question

I'm doing some AntiXSS work. The user inputs some text which is then put through

Microsoft.Security.Application.Encoder.HtmlEncode();

and saved to the database.

This text can then be displayed in either a label or a textbox.

If I put the encoded text into the Text property of a Label it displays fine. If I assign it to the Text property of a TextBox it's displayed in its encoded form.

How can I display the text correctly in the textbox and the label? Does the library offer any decode mechanisms?

Because of project requirements I cannot change either the library or the fact that it's encoded on the input.


Solution

You can use Server.HtmlDecode or HttpUtility.HtmlDecode.

Other tips

You're doing it wrong. You should not HtmlEncode input and save it to database since there is no supported way to decode it. Rather you should save the raw information and encode it when displaying it.

I suggest using GetSafeHtmlFragment for removing all tags and attributes that are not on the white list. The link below will be helpful.
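The output-encoding pattern the second answer recommends, written out as an added example in C# (not code from the question or either answer). It assumes an ASP.NET Web Forms page, where the Label control writes its Text verbatim but the TextBox control HTML-attribute-encodes its Text when rendering the `value` attribute, which is why pre-encoded data shows up double-encoded in the TextBox. The data-access calls are hypothetical placeholders.

```csharp
using System;
using System.Web;                       // HttpUtility (System.Web.dll)
using Microsoft.Security.Application;   // AntiXSS Encoder

public static class UntrustedTextDisplay
{
    // Constructed sample of what a user typed. Recommended approach:
    // store this raw string as-is and encode only at the point of output.
    public const string RawInput = "<b>Tom & Jerry</b> says \"hi\"";

    // Label.Text is emitted into the page unencoded, so encode here.
    public static string ForLabel(string raw)
    {
        return Encoder.HtmlEncode(raw);
    }

    // TextBox.Text is attribute-encoded by the control itself on render.
    // Hand it the raw value; encoding it again produces the double-encoded
    // text the question describes.
    public static string ForTextBox(string raw)
    {
        return raw;
    }

    // Rows that were already HtmlEncode'd before being saved (the situation
    // in the question): decode once on read, then treat the result as raw
    // and apply the two rules above.
    public static string FromLegacyEncodedRow(string stored)
    {
        return HttpUtility.HtmlDecode(stored);
    }

    // Hypothetical page code: lblName and txtName are Web Forms controls.
    public static void Bind(System.Web.UI.WebControls.Label lblName,
                            System.Web.UI.WebControls.TextBox txtName,
                            string storedValue, bool storedValueIsEncoded)
    {
        string raw = storedValueIsEncoded ? FromLegacyEncodedRow(storedValue) : storedValue;
        lblName.Text = ForLabel(raw);     // rendered: &lt;b&gt;Tom &amp; Jerry&lt;/b&gt; ...
        txtName.Text = ForTextBox(raw);   // control encodes the value attribute itself
    }
}
```

Only the legacy-decode step touches existing encoded rows; new input should be saved raw so that GetSafeHtmlFragment or HtmlEncode can be chosen per output context later.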

License: CC-BY-SA with attribution