1. 技术文章
  2. How do I properly encode a mailto link?

How do I properly encode a mailto link?

时光总嘲笑我的痴心妄想 提交于 2019-12-07 01:46:51

问题


I am generating some HTML and I want to generate an XSS- and database-content-safe mailto link. What is the proper encoding to use here? How's this?

myLiteral.Text = string.Format(
  "mailto:{0}?Content-Type=text/html&Subject={1}&body={2}", 
  HttpUtility.UrlEncode(email_address),
  HttpUtility.UrlEncode(subject),
  HttpUtility.UrlEncode(body_message));

Should I use UrlEncode here? HtmlEncode? Do what I did, then HtmlEncode the entirety? I'm writing HTML of a URL, so I'm a little unclear...

@Quentin, is this what you're describing? (Changed &s to & since I'm about to HtmlEncode...)

myLiteral.Text = 
  HttpUtility.HtmlEncode(HttpUtility.UrlEncode(
    string.Format(
      "mailto:{0}?Content-Type=text/html&Subject={1}&body={2}", 
      email_address, subject, body_message)));

回答1:


You are putting some content in a URL, then representing that URL in HTML. So URLEncode it then HTMLEncode what you get from URLEncode.



来源:https://stackoverflow.com/questions/7561181/how-do-i-properly-encode-a-mailto-link

标签
ASP.NET
html
xss
urlencode
mailto
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!