如何在ASP.NET Web.config httpRuntime for 3.5 Framework中编写
[英]How to write in asp.net web.config httpRuntime for 3.5 framework
问题描述
This attribute is new in the .NET Framework version 4.0.I have web.config file in solution with 4.0 version of .Net Framework 
此属性是.NET Framework 4.0版中的新属性。我在具有4.0版.Net Framework的解决方案中有web.config文件
<system.web>
<httpRuntime encoderType="Web.AntiXss.AntiXssEncoder, Web.AntiXss"/>
and this works well, but if i change version to 3.5 i get this erorr 这很好用,但是如果我将版本更改为3.5,我会得到erorr
Unrecognized attribute 'encoderType'. Note that attribute names are case-sensitive.
encoderType attribute is only in 4.0 version, how can i rewrite this to 3.5 ? encoderType属性仅在4.0版本中,如何将其重写为3.5?
EDIT 编辑
Or how can i use microsoft AntiXss library in .net 3.5 projects ? 或者如何在.net 3.5项目中使用Microsoft AntiXss库?
I use this article for .net 4.0 http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx 我将这篇文章用于.net 4.0 http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx
2 个解决方案
解决方案1
4 已采纳 2012-01-30 13:31:28
This is only for .Net4 这仅适用于.Net4
Gets or sets the name of a custom type that
can be used to handle HTML and URL encoding.
You must understand that this is an inside change of a function that are called from the core of Net4, this function is not exist on net 3.5 and lower, so its not how they write it, they just not exist. 您必须了解,这是从Net4核心调用的函数的内部变化,该函数在net 3.5及更低版本中不存在,因此它不是如何编写的,而是不存在。
reference: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx 参考: http : //msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx
Some more informations 一些更多的信息
This parametre actually is an option to replace the class System.Web.Util.HttpEncoder that also exist on Net 3.5, but with out the option of core replace it. 实际上,此参数是替换Net 3.5中也存在的类System.Web.Util.HttpEncoder的选项,但没有核心选项可以替换它。
The System.Web.Util.HttpEncoder is all ready very power full, and the Net.4 actually insert some more features. System.Web.Util.HttpEncoder都已经准备就绪,功能非常强大,而Net.4实际上插入了更多功能。 By replace it with the AntiXccEncoder maybe you get some more control but if not, then is not the end of the world (by HG Wells). 通过用AntiXccEncoder替换它,也许您可以获得更多的控制权,但是如果没有,那么这不是世界末日(HG Wells)。
Also I check if its possible with some code to replace this call, and seems to me not possible because this is called on too many points, for example its calling on all control attributes !, on url call, on html render, and its so native inside Net4 that is not worth to make so many code to change the HttpEncoder to AntiXccEncoder. 另外,我检查是否有可能用一些代码来代替此调用,并且在我看来这是不可能的,因为在太多点上都调用了它,例如,它对所有控件属性进行了调用!,对url进行了调用,对HTML呈现进行了调用,等等Net4内部的本机功能,不值得编写太多代码将HttpEncoder更改为AntiXccEncoder。
Maybe you need to focus on the page code that you may afraid for attack and be soure to handle the input data correct. 也许您需要专注于您可能担心受到攻击的页面代码,并确保正确处理输入数据。
解决方案2
0 2018-05-04 03:21:29
如果使用的是4.5之前的.NET版本,则需要下载该库并将其包含为对项目的引用,然后将早期的库名称用于encodeType设置,如下所示。
<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.