问题
I am trying to validate user inputs (free text) on a web page before the data is stored in the database. The site's written using unconvensional asp.net, as it was largely upgraded from classic asp.
I want to make sure / or protect users from entering text values along with invalid characters such html. At the moment, if the page is submitted it crashes.
Should I use the HttpUtility.HtmlEncode to correct each text box entry? Does this sound feasible?
Thanks in advance.
回答1:
Yes
One of the most important things you can do from a security perspective is to ensure you're encoding all types of data appropriately.
When you're storing HTML that has been put into a web form you no longer want it to be interpreted as HTML. HttpUtility.HtmlEncode ensures this happens, so yes you need to use it.
来源:https://stackoverflow.com/questions/4806834/httputility-htmlencode-to-validate-user-entries