asp.net mvc tags: <%: %> vs. <%= %>

As far as I can tell, both of these tag types do the same thing. Which is preferred to use?

It calls an HtmlEncode on the value.

See ScottGu's blog for more info.

They are not the same:

<%=%> is the same as `Response.Write`
<%:%> adds `Server.HtmlEncode` to `Response.Write`

Hence, <%:%> is preferred (added since .NET 4.0), as it adds the security measure of encoding the output before outputting the string.

If you are using .NET 3.5 or before, best practice is to use <%=Server.HtmlEncode(val)%>.

<%: %> would be preferred, since it HTML-encodes automatically, but it only works on .NET 4.

<%: someString %>

is just like

<%= HttpUtility.HtmlEncode(someString) %>

You use "<%:" when you need to sanitize the string (i.e. from something that was input by a user and can be potentially malicious).

Basically <%= just writes the string as it is to the HTML, and <%: is the same as writing <%= Html.Encode("something") %>.
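As an added illustration (not code from the question or the answers, and not .NET code), here is a small Python model of the two tags: `html_encode` is a constructed stand-in for .NET 4's `Server.HtmlEncode`/`HttpUtility.HtmlEncode`, and `HtmlString` models the framework's IHtmlString pass-through, a detail that goes slightly beyond the answers above. Rendering the same view fragment through both paths shows why only the `<%: %>` path keeps user input as text.

```python
import html

# Constructed stand-in for .NET 4's Server.HtmlEncode / HttpUtility.HtmlEncode:
# the five characters that can open or close markup become entities, so the
# value can only ever render as text. (.NET 3.5 left the apostrophe alone.)
def html_encode(value: str) -> str:
    return (value.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&#39;"))


class HtmlString(str):
    """Marker for markup that is already trusted (models IHtmlString):
    <%: %> writes such values through without encoding them a second time."""


def write_raw(value) -> str:
    # <%= value %>: plain Response.Write, the value lands in the page as-is.
    return str(value)


def write_encoded(value) -> str:
    # <%: value %>: Response.Write(Server.HtmlEncode(value)), except for
    # HtmlString values, which are assumed to be safe already.
    if isinstance(value, HtmlString):
        return str(value)
    return html_encode(str(value))


def render_greeting(user_input: str, encode: bool) -> str:
    """Render one view fragment through either tag so the difference shows up
    in both an attribute context and a text-node context."""
    write = write_encoded if encode else write_raw
    return f'<p title="{write(user_input)}">Hello, {write(user_input)}</p>'


def round_trips(value: str) -> bool:
    """The encoding is lossless: decoding the entities gives the input back."""
    return html.unescape(write_encoded(value)) == value


if __name__ == "__main__":
    untrusted = '<b>Bob</b> & "friends"'      # constructed user-supplied value
    for encode in (False, True):
        page = render_greeting(untrusted, encode)
        tag = "<%: %>" if encode else "<%= %>"
        # the raw path emits 6 '<' (four of them from the input), the encoded path 2
        print(f"{tag}: {page.count('<')} '<' characters  {page}")
```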
