stackoom
  简体   繁体   中英

How to write in asp.net web.config httpRuntime for 3.5 framework

 原文  2012-01-30 13:27:43       c#/ asp.net/ xss/ antixsslibrary

Question

This attribute is new in the .NET Framework version 4.0.I have web.config file in solution with 4.0 version of .Net Framework 

<system.web>
    <httpRuntime  encoderType="Web.AntiXss.AntiXssEncoder, Web.AntiXss"/>

and this works well, but if i change version to 3.5 i get this erorr 

Unrecognized attribute 'encoderType'. Note that attribute names are case-sensitive.

encoderType attribute is only in 4.0 version, how can i rewrite this to 3.5 ?

EDIT
Or how can i use microsoft AntiXss library in .net 3.5 projects ?
I use this article for .net 4.0 http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx

2 answers

solution1
 4 ACCPTED  2012-01-30 13:31:28

This is only for .Net4 

Gets or sets the name of a custom type that 
        can be used to handle HTML and URL encoding.

You must understand that this is an inside change of a function that are called from the core of Net4, this function is not exist on net 3.5 and lower, so its not how they write it, they just not exist.

reference: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx

Some more informations

This parametre actually is an option to replace the class System.Web.Util.HttpEncoder that also exist on Net 3.5, but with out the option of core replace it.

The System.Web.Util.HttpEncoder is all ready very power full, and the Net.4 actually insert some more features. By replace it with the AntiXccEncoder maybe you get some more control but if not, then is not the end of the world (by HG Wells).

Also I check if its possible with some code to replace this call, and seems to me not possible because this is called on too many points, for example its calling on all control attributes !, on url call, on html render, and its so native inside Net4 that is not worth to make so many code to change the HttpEncoder to AntiXccEncoder.

Maybe you need to focus on the page code that you may afraid for attack and be soure to handle the input data correct.

solution2
 0  2018-05-04 03:21:29

如果使用的是4.5之前的.NET版本,则需要下载该库并将其包含为对项目的引用,然后将早期的库名称用于encodeType设置,如下所示。 

<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary" />

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET MVC 5 web.config <system.web> compilation & httpRuntime error write a redirect rule in web.config in asp.net application How to check the framework of asp.net website using web.config file web.config in asp.net web.config in ASP.NET 5 MVC 6 Web.Config file in asp.net Authorization Asp.net web.config Hardcoding into web.config in asp.net web.config issue in ASP.Net Asp.Net RequireSSL in Web.config
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM