堆栈内存溢出
  简体   繁体   English

将用户输入放入生成的javascript中的最佳方法?

[英]Best way to put user input into generated javascript?

 原文  2010-06-13 23:45:29       c#/ javascript/ encoding/ base64

问题描述

I need for someone to be able to put some text into a page and then this gets sent to the server, saved in the database, and else where this text is put into a javascript variable. 我需要有人能够将一些文本放入页面中,然后将其发送到服务器,保存在数据库中,否则将这些文本放入javascript变量中。

Basically like this: 基本上是这样的: 

Write("var myVar=\""+MyData+"\";");

What is the best way of escaping this data? 逃逸此数据的最佳方法是什么? Is there anything out there already to deal with things like ' and " and new lines? Is base64 my only option? 难道那里有什么已处理的事情像'"新线?采用Base64我唯一的选择?

My serverside framework/language is ASP.Net/C# 我的服务器端框架/语言是ASP.Net/C#

1 个解决方案

解决方案1
 0 已采纳  2010-06-14 00:00:13

You should use WPL : 您应该使用WPL 

Write("var myVar=" + Encoder.JavaScriptEncode(MyData, true) + ";");

if you don't want to reference the library, you can use the following function (adapted from the .Net source): 如果您不想引用该库,则可以使用以下功能(改编自.Net源代码): 

public static void QuoteString(this string value, StringBuilder b) {
    if (String.IsNullOrEmpty(value))
        return "";

    var b = new StringBuilder();
    int startIndex = 0;
    int count = 0;
    for (int i = 0; i < value.Length; i++) {
        char c = value[i];

        // Append the unhandled characters (that do not require special treament)
        // to the string builder when special characters are detected.
        if (c == '\r' || c == '\t' || c == '\"' || c == '\'' || c == '<' || c == '>' ||
            c == '\\' || c == '\n' || c == '\b' || c == '\f' || c < ' ') {
            if (b == null) {
                b = new StringBuilder(value.Length + 5);
            }

            if (count > 0) {
                b.Append(value, startIndex, count);
            }

            startIndex = i + 1;
            count = 0;
        }

        switch (c) {
            case '\r':
                b.Append("\\r");
                break;
            case '\t':
                b.Append("\\t");
                break;
            case '\"':
                b.Append("\\\"");
                break;
            case '\\':
                b.Append("\\\\");
                break;
            case '\n':
                b.Append("\\n");
                break;
            case '\b':
                b.Append("\\b");
                break;
            case '\f':
                b.Append("\\f");
                break;
            case '\'':
            case '>':
            case '<':
                AppendCharAsUnicode(b, c);
                break;
            default:
                if (c < ' ') {
                    AppendCharAsUnicode(b, c);
                } else {
                    count++;
                }
                break;
        }
    }

    if (b == null) {
        b.Append(value);
    }

    if (count > 0) {
        b.Append(value, startIndex, count);
    }

    return b.ToString();
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 防止XSS入侵(嵌入)用户生成的json的最佳方法? - Best way to prevent XSS hacking with (embedded)user generated json? 根据 C# 中的用户输入调用不同 API 的最佳方式? - Best way to call different APIs based on user input in C#? 在不停止GUI的情况下请求用户输入的最佳方法? - Best way to request user input without stalling the GUI? 让用户输入格式正确的URL的最佳方法是什么? - Best way to get a user to input a correctly-formatted URL? 保留用户生成函数的最佳模式? - Best Schema to Persist User Generated Functions? WPF 添加生成内容的最佳方式 - WPF Best way to add generated Content 验证货币输入的最佳方法? - Best way to validate currency input? 从循环中存储用户输入以在另一种方法中进行进一步操作的最佳方法 - Best way to store user input from loop for further operations in another method 有关解决问题的最佳方法的建议 - C# Windows 表单(列表框、文本框、用户输入) - Advice on best way to resolve issue - C# Windows forms (list boxes, text box, user input) 设置用户输入数据的时间限制的最佳方法是什么? (asp.net mvc) - What is the best way to set time boundries for user to input data? (asp.net mvc)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM