ASP.NET Textbox省略双引号后的字符串
[英]ASP.NET Textbox omits the string after the double quote
问题描述
I have added an ASP.NET Textbox in my page and i do have next and previous button. 
我在页面中添加了一个ASP.NET文本框,并且确实有下一个和上一个按钮。 I entered string, say Hello "World" in the textbox. 我输入了字符串,在文本框中说Hello“ World” 。 I clicked on next button which will show the review page(non-editable), all the datas are stored in the sessioin. 我单击了下一步按钮,它将显示审阅页面(不可编辑),所有数据都存储在sessioin中。 After this i am clicking on the previous button which should show me the entry fields(edit page). 之后,我单击上一个按钮,该按钮应该显示输入字段(编辑页面)。 During this, i am getting the datas from the session and showing it back to the ASP.NET textbox. 在此期间,我从会话中获取数据并将其显示回ASP.NET文本框。
When i see the page, what ever entered after double quotes is getting removed from the ASP.NET textbox. 当我看到该页面时,双引号之后输入的内容将从ASP.NET文本框中删除。 that is, i can only see Hello . 也就是说,我只能看到Hello 。
My requirement is like, i should allow the users to enter double quotes. 我的要求是,我应该允许用户输入双引号。
Is there any way to fix this??? 有没有什么办法解决这一问题???
4 个解决方案
解决方案1
2 2012-01-04 08:20:06
ASP.NET doesn't remove quotes in a textbox, so I would suggest posting code for review. ASP.NET不会在文本框中删除引号,因此我建议发布代码以供审核。
However, allowing quotes in input fields can trigger request validation in some cases, in which cases you would see a very specific error about a potentially dangerous request. 但是,在某些情况下,在输入字段中允许使用引号可以触发请求验证,在这种情况下,您会看到有关潜在危险请求的非常具体的错误。
Speaking of which, text fields which allow quotes should be checked for XSS attacks. 说到这,应该检查允许引号的文本字段是否受到XSS攻击。
解决方案2
1 2012-01-04 10:06:00
I reproduce you encounter case now. 现在重现您遇到的情况。 It cause by using double quotes in the value property, 这是由于在value属性中使用双引号引起的,
it will conflict with the value which also contain double quotes in textbox. 它将与在文本框中也包含双引号的值冲突。 So you should 所以你应该
change the double quotes to single quotes in output syntax. 在输出语法中将双引号更改为单引号。
You can try the below code: 您可以尝试以下代码:
output.Write(string.Format("<input name=\"{0}\" id=\"{0}\" type=\"text\" value=\'{1}\'{2}/>", UniqueID, Text, args));
解决方案3
0 2012-01-04 08:16:16
I didn't meet this issue before,It's OK for user to enter double quotes in textbox. 我之前没有遇到过这个问题,用户可以在文本框中输入双引号。
you can check if you have some program logic to filter the quote or debug your code to 您可以检查是否有一些程序逻辑来过滤引号或调试代码以
find the cause. 找到原因。 The below is a simple testing code. 下面是一个简单的测试代码。
<form id="form1" runat="server">
<div>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<asp:Button
ID="Button1" runat="server" Text="Button" onclick="Button1_Click" />
<asp:Button ID="Button2" runat="server" Text="Button" onclick="Button2_Click" />
</div>
</form>
protected void Button1_Click(object sender, EventArgs e)
{
Session.Add("KK",this.TextBox1.Text);
}
protected void Button2_Click(object sender, EventArgs e)
{
this.TextBox1.Text = Session["KK"] as string;
}
解决方案4
0 2012-01-04 10:38:53
If you overwrite "Render" you could also utilize that you are outputting to HtmlTextWriter which provides some help to creating html. 如果覆盖“渲染”,您还可以利用将其输出到HtmlTextWriter ,该方法为创建html提供了一些帮助。
While the sample below certainly is more verbose than your approach, it will also make the output aware of what is going on and allows the HtmlTextWriter (output) to insert values etc. The HtmlTextWriter will then ensure that the proper escaping is performed on the values. 尽管下面的示例肯定比您的方法更为冗长,但它还将使输出了解发生了什么,并允许HtmlTextWriter(输出)插入值等。然后,HtmlTextWriter将确保对值执行正确的转义。 。
protected override void RenderContents(HtmlTextWriter output)
{
output.AddAttribute(HtmlTextWriterAttribute.Name, UniqueID);
output.AddAttribute(HtmlTextWriterAttribute.Type, Text);
output.AddAttribute(HtmlTextWriterAttribute.Value, Value);
output.RenderBeginTag(HtmlTextWriterTag.Input);
output.RenderEndTag();
}
alternatively you could use System.Web.HttpUtility.HtmlEncode to avoid problems with character values etc. 或者,您可以使用System.Web.HttpUtility.HtmlEncode避免字符值等问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.