AntiXss.HtmlEncode警告:此方法已被弃用。 请改用Encoder.HtmlEncode()
[英]AntiXss.HtmlEncode warning :This method has been deprecated. Please use Encoder.HtmlEncode() instead
问题描述
I'm trying to Use Microsoft AntiXss.HtmlEncode while merging html tags with server side scripting. 
我试图在将HTML标记与服务器端脚本合并时使用Microsoft AntiXss.HtmlEncode 。
Default.aspx Default.aspx
<h1><asp:Literal ID="litHeader" runat="server" /></h1>
Default.aspx.cs Default.aspx.cs
litHeader.Text = AntiXss.HtmlEncode(dt.Rows[0]["Header"].ToString());
I keep getting the following warning in my project: 我在我的项目中不断收到以下警告:
'Microsoft.Security.Application.AntiXss.HtmlEncode(string)' is obsolete: 'This method has been deprecated.
It is just a warning, do you think it will make any security issues in the future? 这只是一个警告,您认为将来会出现任何安全问题吗?
1 个解决方案
解决方案1
2 2017-01-31 21:37:08
Microsoft has two "AntiXss" packages, the original AntiXss library which was on CodePlex and a newer one with is built into ASP.Net 4.5+ ( https://msdn.microsoft.com/en-us/library/system.web.security.antixss(v=vs.110).aspx ). 微软有两个“ AntiXss”软件包,原始的AntiXss库位于CodePlex上,而更新的库则内置于ASP.Net 4.5+( https://msdn.microsoft.com/zh-cn/library/system.web。 security.antixss(v = vs.110).aspx )。 It's possible that they are trying to let you know they aren't maintaining the original. 他们可能会试图让您知道他们没有保留原始文件。
In an effort to make the transition easy (Not!) they have changed the namespace (to System.Web.Security.AntiXss) and method signatures. 为了使转换变得容易(Not!),他们更改了名称空间(更改为System.Web.Security.AntiXss)和方法签名。 They also eliminated some functionality (eg, removing HtmlAttributeEncode(string) and just leaving HtmlAttributeEncode(string, TextWriter)) 他们还消除了一些功能(例如,删除HtmlAttributeEncode(string)并仅保留HtmlAttributeEncode(string,TextWriter))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.