C# innerthtml的替代方案
我目前正在使用服务器端C#使用innerHTMl将html标记附加到div。在这一点上,我有点担心innerHTML没有被加密,这可能会导致一些安全漏洞C# innerthtml的替代方案,c#,asp.net,C#,Asp.net,我目前正在使用服务器端C#使用innerHTMl将html标记附加到div。在这一点上,我有点担心innerHTML没有被加密,这可能会导致一些安全漏洞 var myRequestCount = client.GetRequests(id); var myRequestMsgs = client.GetRequests(id).OrderByDescending(rd => rd.CreatedDate).Take(4); lblNoOfRequests.
var myRequestCount = client.GetRequests(id);
var myRequestMsgs = client.GetRequests(id).OrderByDescending(rd => rd.CreatedDate).Take(4);
lblNoOfRequests.Text = myRequestCount.Count().ToString();
if (myRequestMsgs.Count() != 0)
{
StringBuilder sb = new StringBuilder();
sb.Append("<ul style='list-style-type:disc !important'>");
foreach (var requestMsgs in myRequestMsgs)
{
sb.Append("<a href='#' onclick='return openMyRequestRadWindow(" + requestMsgs.RequestNo + " );' style='color:#f60;font-size:12px;line-height:0.5em'>" + MyZimraHelpers.TruncateAtWord(requestMsgs.Subject, 50) + "</a><br/>");
}
myRequestContainer.InnerHtml = sb.ToString();
}
else
{
myRequestContainer.InnerHtml = "No Request was found";
dvMyRequestVwMore.Visible = false;
}
client.Close();
var myRequestCount=client.GetRequests(id);
var myRequestMsgs=client.GetRequests(id).OrderByDescending(rd=>rd.CreatedDate).Take(4);
lblNoOfRequests.Text=myRequestCount.Count().ToString();
如果(myRequestMsgs.Count()!=0)
{
StringBuilder sb=新的StringBuilder();
sb.追加(“”;
foreach(myRequestMsgs中的var requestMsgs)
{
sb.追加(“
”);
}
myRequestContainer.InnerHtml=sb.ToString();
}
其他的
{
myRequestContainer.InnerHtml=“未找到任何请求”;
dvMyRequestVwMore.Visible=false;
}
client.Close();
谢谢您可以在视图内部编写循环,而不是从代码隐藏将html注入控件。我经常使用这种模式
<% foreach (var requestMsgs in myRequestMsgs)
{ %>
<a href="#"
onclick="return openMyRequestRadWindow(<%= requestMsgs.RequestNo %>);"
style="color:#f60; font-size:12px; line-height:0.5em; " >
<%= MyZimraHelpers.TruncateAtWord(requestMsgs.Subject, 50) %>
</a><br/>
<% } %>