我提前爲這樣一個長的答案道歉,但我想徹底。
這顯然是.Net 4.0(及更高版本)中的「安全」功能。你可以閱讀更多關於它:
上述所有環節的推薦聲明一個公共類重寫的行爲:
public class HtmlAttributeNoEncoding : System.Web.Util.HttpEncoder
{
protected override void HtmlAttributeEncode(string value, System.IO.TextWriter output)
{
output.Write(value);
}
}
然後將其添加到<system.web>
元素在你的web.config:
<httpRuntime encoderType="HtmlAttributeNoEncoding"/>
這絕對修復的呈現問題,讓引號和撇號呈現爲"
和'
(如預期)。
這麼說,我測試了你的問題如下:
<script type="text/javascript">
var doConfirm = function (action, item) {
alert('Sikker på du vil ' + action + ': ' + item);
return false;
};
</script>
<p>Some "arbitrary" text. <asp:Button ID="Button3" runat="server" Text="Button" OnClientClick="doConfirm('delete', 'myalbum');" /></p>
<asp:GridView ID="GridView1" runat="server">
<Columns>
<asp:TemplateField>
<ItemTemplate>
<asp:Button ID="Button1" runat="server" Text="Button" OnClientClick='<%# Eval("albumName", "doConfirm(\"delete\", \"{0}\");").ToString() %>' />
</ItemTemplate>
</asp:TemplateField>
<asp:BoundField HeaderText="Album Name" DataField="albumName" />
<asp:TemplateField>
<ItemTemplate>
<asp:Button ID="Button2" runat="server" Text="Button" OnClientClick='<%# CreateConfirmation("delete", (string)Eval("albumName")) %>' />
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
,並在後臺代碼:
public partial class _Default : System.Web.UI.Page
{
public string CreateConfirmation(String action, String item)
{
return String.Format(@"return doConfirm('{0}', '{1}');", action, item);
}
protected void Page_Load(object sender, EventArgs e)
{
DataTable dt = new DataTable();
DataColumn dc = new DataColumn("albumName", typeof(string));
DataRow dr = null;
dt.Columns.Add(dc);
dr = dt.NewRow();
dr["albumName"] = "Zen Arcade";
dt.Rows.Add(dr);
dr = dt.NewRow();
dr["albumName"] = "New Day Rising";
dt.Rows.Add(dr);
dr = dt.NewRow();
dr["albumName"] = "Candy Apple Grey";
dt.Rows.Add(dr);
GridView1.DataSource = dt;
GridView1.DataBind();
}
}
我能複製你的渲染問題:
<p>Some "arbitrary" text.
<input type="submit" onclick="doConfirm('delete', 'myalbum');" value="Button" name="ctl00$MainContent$Button3" id="MainContent_Button3" />
</p>
<div>
<table cellspacing="0" rules="all" border="1" id="MainContent_GridView1"
style="border-collapse:collapse;">
<tr>
<th scope="col"> </th>
<th scope="col">Album Name</th>
<th scope="col"> </th>
<th scope="col">albumName</th>
</tr>
<tr>
<td>
<input type="submit" onclick="doConfirm("delete", "Zen Arcade");" value="Button" name="ctl00$MainContent$GridView1$ctl02$Button1" id="MainContent_GridView1_Button1_0" />
</td>
<td>Zen Arcade</td>
<td>
<input type="submit" onclick="return doConfirm('delete', 'Zen Arcade');" value="Button" name="ctl00$MainContent$GridView1$ctl02$Button2" id="MainContent_GridView1_Button2_0" />
</td>
<td>Zen Arcade</td>
</tr>
<tr>
<td>
<input type="submit" onclick="doConfirm("delete", "New Day Rising");" value="Button" name="ctl00$MainContent$GridView1$ctl03$Button1" id="MainContent_GridView1_Button1_1" />
</td>
<td>New Day Rising</td>
<td>
<input type="submit" onclick="return doConfirm('delete', 'New Day Rising');" value="Button" name="ctl00$MainContent$GridView1$ctl03$Button2" id="MainContent_GridView1_Button2_1" />
</td>
<td>New Day Rising</td>
</tr>
<tr>
<td>
<input type="submit" onclick="doConfirm("delete", "Candy Apple Grey");" value="Button" name="ctl00$MainContent$GridView1$ctl04$Button1" id="MainContent_GridView1_Button1_2" />
</td>
<td>Candy Apple Grey</td>
<td>
<input type="submit" onclick="return doConfirm('delete', 'Candy Apple Grey');" value="Button" name="ctl00$MainContent$GridView1$ctl04$Button2" id="MainContent_GridView1_Button2_2" />
</td>
<td>Candy Apple Grey</td>
</tr>
</table>
</div>
當任何按鈕被點擊時,JavaScript函數忽略HTML編碼,提醒我:
Sikker på du vil delete: Zen Arcade
因此,儘管它看起來在源質樸,有引號和撇號呈現爲"
和'
並沒有真正出現什麼影響。
這屬於什麼類型的控件('','',''等等)? –
pete
在第一個示例中,如果將其更改爲在doConfirm方法調用中使用單引號,會發生什麼情況? 'OnClientClick ='<%#Eval(「albumName」,「doConfirm('delete','{0}');」)。ToString()%>'' –
它的一個按鈕控制... –