這是我的第一個帖子在這裏:跨站腳本攻擊:保護無效的RowDataBound(對象發件人,GridViewRowEventArgs E)
得到2點從掃描報告的問題。請幫我緩解此問題:
XSS攻擊:
protected void gvMSMQ_RowDataBound(object sender, GridViewRowEventArgs e)**
信息泄漏:
lblError.Text = "RowBound - " + errorMessage + "......" + ex.Message
感謝你的幫助。
protected void gvMSMQ_RowDataBound(object sender, GridViewRowEventArgs e)
{
string Path = string.Empty;
string errorMessage = "";
try
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
Image img = (Image)e.Row.Cells[0].FindControl("img1");
Literal ltrl = (Literal)e.Row.FindControl("lit1");
ltrl.Text = ltrl.Text.Replace("trCollapseGrid", "trCollapseGrid" + e.Row.RowIndex.ToString());
string str = "trCollapseGrid" + e.Row.RowIndex.ToString();
e.Row.Cells[0].Attributes.Add("OnClick", "OpenTable('" + str + "','" + img.ClientID + "')");
e.Row.Cells[0].RowSpan = 1;
errorMessage = "Two";
//Path = lstMSMQ[e.Row.RowIndex].Path;
UCEnvironmentViewerQueueGrid ucQueueGrids = (UCEnvironmentViewerQueueGrid)e.Row.FindControl("ucQueueGrids");
Classes.MSMQprofile msmqObj = new Classes.MSMQprofile();
var rowItems = e.Row.DataItem;
msmqObj = rowItems as Classes.MSMQprofile;
ucQueueGrids.lstNormalMSMQ = msmqObj.NormalQueueList;
//ucQueueGrids.lstJournalQueue = msmqObj.JournalQueueList;
ucQueueGrids.BindControl();
}
}
catch (Exception ex)
{
//error on this line!
lblError.Text = "RowBound - " + errorMessage + "......" + ex.Message;
}
}
歡迎來到StackOverflow!您應該確保使用您正在使用的語言標記您的問題。另外,很高興知道您使用的掃描儀是什麼。 – Gray
當然。使用C#和來自WH Sentinel –