This attribute is new in the .NET Framework version 4.0.I have web.config file in solution with 4.0 version of .Net Framework
<system.web>
<httpRuntime encoderType="Web.AntiXss.AntiXssEncoder, Web.AntiXss"/>
and this works well, but if i change version to 3.5 i get this erorr
Unrecognized attribute 'encoderType'. Note that attribute names are case-sensitive.
encoderType attribute is only in 4.0 version, how can i rewrite this to 3.5 ?
EDIT
Or how can i use microsoft AntiXss library in .net 3.5 projects ?
I use this article for .net 4.0 http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx
This is only for .Net4
Gets or sets the name of a custom type that
can be used to handle HTML and URL encoding.
You must understand that this is an inside change of a function that are called from the core of Net4, this function is not exist on net 3.5 and lower, so its not how they write it, they just not exist.
reference: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx
This parametre actually is an option to replace the class System.Web.Util.HttpEncoder that also exist on Net 3.5, but with out the option of core replace it.
The System.Web.Util.HttpEncoder
is all ready very power full, and the Net.4 actually insert some more features. By replace it with the AntiXccEncoder
maybe you get some more control but if not, then is not the end of the world (by HG Wells).
Also I check if its possible with some code to replace this call, and seems to me not possible because this is called on too many points, for example its calling on all control attributes !, on url call, on html render, and its so native inside Net4 that is not worth to make so many code to change the HttpEncoder to AntiXccEncoder.
Maybe you need to focus on the page code that you may afraid for attack and be soure to handle the input data correct.
如果使用的是4.5之前的.NET版本,则需要下载该库并将其包含为对项目的引用,然后将早期的库名称用于encodeType设置,如下所示。
<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary" />
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.