1
我設置一個基本的MVC 4應用到每個一些老instructions使用AntiXssEncoder在web.config。當我這樣做時,雖然通常會被編碼的應用程序字符不再被正確編碼。AntiXssEncoder在web.config中弄亂了默認的編碼方案
反正在web.config糾正這種不可接受的行爲,或者這個庫剛剛打破?
<httpRuntime targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder,System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
MVC4默認的web.config: 此展品預期的行爲
<table>
<tr>
<td>No encoding</td>
<td>Inside Microsoft® SharePoint® 2013</td>
</tr>
<tr>
<td>HttpUtility.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>Inside Microsoft&#174; SharePoint&#174; 2013</td> <!-- double encoded, expected result -->
</tr>
<tr>
<td>AntiXssEncoder.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>Inside Microsoft® SharePoint® 2013</td><!-- manual call to encode, expected result -->
</tr>
</table>
AntiXssEncoder設置在web.config中: 這是不預期的行爲。沒有任何版權符號已被正確編碼。
<table>
<tr>
<td>No encoding</td>
<td>Inside Microsoft® SharePoint® 2013</td>
</tr>
<tr>
<td>HttpUtility.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>Inside Microsoft® SharePoint® 2013</td>
</tr>
<tr>
<td>AntiXssEncoder.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>Inside Microsoft® SharePoint® 2013</td>
</tr>
</table>
的源代碼參考:
<table>
<tr>
<td>No encoding</td>
<td>@data</td>
</tr>
<tr>
<td>HttpUtility.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>@HttpUtility.HtmlEncode(data)</td>
</tr>
<tr>
<td>AntiXssEncoder.HtmlEncode("Inside Microsoft® SharePoint® 2013")</td>
<td>@System.Web.Security.AntiXss.AntiXssEncoder.HtmlEncode(data, false)</td>
</tr>
</table>