html-encode

问题 How do I properly encode JavaScript in the following context: <html> ... <script type="text/javascript"> var settings = @Html.PleaseEncode(settings.ToJson()); // ... </script> </html> The values in my JSON objects are set by the application administrator, so I assume they need properly encoded -- both for HTML and JavaScript. I'm using System.Web.Script.Serialization.JavaScriptSerializer to do the JSON encoding. It looks like JavaScriptSerializer does some encoding as it outputs the text

问题 I'm adding some meta description data to my header like so: HtmlMeta meta = new HtmlMeta(); meta.Name = "description"; meta.Content = description; // this is unencoded page.Header.Controls.Add(meta); And .net helpfully encodes things like & and <, but not >. Now, I can't imagine that this would be an oversight, so I conclude that it's unnecessary to escape them. But before I go back to the client with that answer, it would be nice to get confirmation by Some Strangers From The Intarwebs first

问题 I wanted to add a confirmation box to my ImageButton, so I have the following: btn.Attributes.Add("onclick", "return confirm('OK to delete this district from the consultant\'s list?');"); But then .NET html-encodes the whole thing so it comes out in the HTML as: onclick="return confirm('OK to delete this district from the consultant's list?');" so the apostrophe in "consultant's" looks the same as the apostrophes surrounding the confirm parameter, and javascript gets all confused, and the

问题 I'm working on a validation script, but I'm running into a very particular issue. If a user enters a string that happens to be an encoded html character (like & or & ), it will output as the character (& in this case). My question is this: is it possible to write a function that detemines if a string is an encoded character? So if the user enters one of the two above options, I want to launch a particular function, and if it's a non-encoded character, I want to do something else. Is there a

问题 I have a erlang string which may contain characters like & " < and so on: 1> Unenc = "string & \"stuff\" <". ok Is there a Erlang function somewhere that parses the string and encodes all the needed HTML/XML entities, such as: 2> Enc = xmlencode(Unenc). "string & "stuff" <". ? My use case is for relatively short strings, which come from user input. The output strings of the xmlencode function will be the content of XML attributes: <company name="Acme & C." currency="€" /> The final XML will

问题 I take user input into a text area, store it and eventually display it back to the user. In my View (Razor) I want to do something like this... @Message.Replace("\n", "</br>") This doesn't work because Razor Html Encodes by default. This is great but I want my line breaks. If I do this I get opened up to XSS problems. @Html.Raw(Message.Replace("\n", "</br>")) What's the right way to handle this situation? 回答1: Use HttpUtility.HtmlEncode then do the replace. @Html.Raw(HttpUtility.HtmlEncode

问题 I'm looking for a simple way to HTML encode a string/object in Perl. The fewer additional packages used the better. 回答1: HTML::Entities is your friend here. use HTML::Entities; my $encoded = encode_entities( "foo & bar & <baz>" ); 回答2: When this question was first answered, HTML::Entities was the module most people probably used. It's pure Perl and by default will escape the HTML reserved characters ><'"& and wide characters. Recently, HTML::Escape showed up. It has both XS and pure Perl. If

问题 Should HTML be encoded before being stored in say, a database? Or is it normal practice to encode on its way out to the browser? Should all my text based field lengths be quadrupled in the database to allow for extra storage? Looking for best practice rather than a solid yes or no :-) 回答1: Is the data in your database really HTML or is it application data like a name or a comment that you just happen to know will end up as part of an HTML page? If it's application data, I think its best to:

问题 Html.Encode seems to simply call HttpUtility.HtmlEncode to replace a few html specific characters with their escape sequences. However this doesn't provide any consideration for how new lines and multiple spaces will be interpretted (markup whitespace). So I provide a text area for the a user to enter a plain text block of information, and then later display that data on another screen (using Html.Encode ), the new lines and spacing will not be preserved. I think there are 2 options, but

问题 This question already has answers here : Closed 6 years ago . Possible Duplicate: JavaScript/jQuery HTML Encoding I have html tags need to be encoded. <b>test</b> I need to encode it to : <b>test</b> I am using escape, but it doesn't work. document.write(escape("<b>test</b>")); the result I got is %3Cb%3Etest%3C/b%3E this is not what I expected. is there another way to do html encode using javascript? 回答1: var html = "<b>test</b>"; var result = html.replace(/</g,"<").replace(/>/g,">"); 来源：