如何编码一个URL使其“XML安全”,其中查询字符串中的“&”不会破坏XML?
例:
www.somedomain.com/SomePage.aspx?SomeParam=SomeValue&SomeParam2=SomeVal
简短的回答是将URL编码,就像在文档中编码任何其他文本一样。如果您按照以下方式替换字符,就不会出错:
& -> &
-> '
" -> "
< -> <
> -> >
(使用符合规范的解析器阅读文档的任何人都将获得正确的、即未编码的文本。)
然而,我想重申Anthony的评论:为什么你认为你需要担心这个问题?任何明智的XML编写系统都应该将你想要表示的文本进行编码(就像解析器将撤销编码一样)。你的应用程序只需处理未编码的文本,它应该依赖于XML编写库来处理字符编码和保留规范性。否则,你会冒着被称为傻瓜的风险。看起来,XmlTextWriter是 .net API,可以进行所有必要的更改。
AntiXSS 库有一个 XmlEncode 方法,您可以使用。
In my webpages I have references to js and images as such: "../../Content/Images/"Filename" In my code if I reference a file as above, it doesnt work so i have to write: "c:/miscfiles/"filename" 1-...
I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
I m looking for best practices here. Sorry. I know it s subjective, but there are a lot of smart people here, so there ought to be some "very good" ways of doing this. I have a custom object called ...
I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...
i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...
For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?
I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!