<script language = 'javascript'> alert ('asdf'); </ script> - .NET Development Forum

ygyemo · Post time: 2020-6-7 11:00:01

Text filtering problem
I have seen such as: str.Replace("script","")...
Think this is bad
Wouldn’t it be better if it could keep the content as it was and was not vulnerable to script attacks?
Expert advice~!~1

xuluwei8 · Post time: 2020-6-8 17:30:01

Replaced <>

ygyemo · Post time: 2020-6-8 20:45:01

I thought about this too!
but
After storing in the database, then what to do when it is read on the page

niaobiede · Post time: 2020-6-12 09:00:01

Use htmlencode and htmldecode to protect against attacks

dingbiao · Post time: 2020-6-12 17:15:01

"<" ==> "<"
">" ==> ">"
I’m not afraid of the replacement

ygyemo · Post time: 2020-6-13 09:30:01

Thanks upstairs

I want to be a text editor
Just like the text box when replying in verysource, you can output the input content in the original format

Normal text box has no line breaks

江南小色 · Post time: 2020-6-23 10:45:01

This trouble, you must have a dictionary of html encoding corresponding to special characters.
Refer to the source code of freetextbox.

江南小色 · Post time: 2020-6-23 18:45:01

I mean ‘output the input content in the original format’. If it’s just a carriage return or line feed, it’s another matter.

ygyemo · Post time: 2020-6-24 18:30:01

solved
Just process the input characters
Thank you all

		Remember me	Forgot password?
Password			Register