C# HTML 的转义文本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1005264/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Escape text for HTML
提问by
How do i escape text for html use in C#? I want to do
如何在 C# 中为 html 使用转义文本?我想要做
sample="<span>blah<span>"
and have
并且有
<span>blah<span>
show up as plain text instead of blah only with the tags part of the html :(. Using C# not ASP
仅使用 html 的标签部分显示为纯文本而不是 blah :(。使用 C# 而不是 ASP
回答by Andrew Siemer
You can use actual html tags <xmp>and </xmp>to output the string as is to show all of the tags in between the xmp tags.
您可以使用实际的 html 标签<xmp>并按</xmp>原样输出字符串以显示 xmp 标签之间的所有标签。
Or you can also use on the server Server.UrlEncodeor HttpUtility.HtmlEncode.
或者您也可以在服务器上使用Server.UrlEncode或HttpUtility.HtmlEncode.
回答by Michael S. Scherotter
using System.Web;
var encoded = HttpUtility.HtmlEncode(unencoded);
回答by Tereza Tomcova
Also, you can use this if you don't want to use the System.Webassembly:
此外,如果您不想使用System.Web程序集,则可以使用它:
var encoded = System.Security.SecurityElement.Escape(unencoded)
Per this article, the difference between System.Security.SecurityElement.Escape()and System.Web.HttpUtility.HtmlEncode()is that the former also encodes apostrophe (')characters.
每这篇文章,之间的区别System.Security.SecurityElement.Escape(),并System.Web.HttpUtility.HtmlEncode()为前者还对单引号(')字符。
回答by Nacht - Reinstate Monica
nobody has mentioned yet, in ASP.NET 4.0 there's new syntax to do this. instead of
还没有人提到,在 ASP.NET 4.0 中有新的语法可以做到这一点。代替
<%= HttpUtility.HtmlEncode(unencoded) %>
you can simply do
你可以简单地做
<%: unencoded %>
read more here: http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx
在此处阅读更多信息:http: //weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and- asp-net-mvc-2.aspx
回答by Alex
If you're using .NET 4 or above and you don't want to reference System.Web, you can use WebUtility.HtmlEncodefrom System
如果您使用的是 .NET 4 或更高版本并且不想引用System.Web,则可以使用WebUtility.HtmlEncodefromSystem
var encoded = WebUtility.HtmlEncode(unencoded);
This has the same effect as HttpUtility.HtmlEncodeand should be preferred over System.Security.SecurityElement.Escape.
这HttpUtility.HtmlEncode与System.Security.SecurityElement.Escape.
回答by Contra
Didn't see this here
没看到这里
System.Web.HttpUtility.JavaScriptStringEncode("Hello, this is Satan's Site")
it was the only thing that worked (asp 4.0+) when dealing with html like this. The'gets rendered as '(using htmldecode) in the html, causing it to fail:
这是处理像这样的 html 时唯一有效的东西(asp 4.0+)。在'被呈现为'(使用htmldecode)在HTML,导致它失败:
<a href="article.aspx?id=268" onclick="tabs.open('modules/xxx/id/268', 'It's Allstars'); return false;">It's Allstars</a>
回答by Victor
.NET 4.0 and above:
.NET 4.0 及更高版本:
using System.Web.Security.AntiXss;
//...
var encoded = AntiXssEncoder.HtmlEncode("input", useNamedEntities: true);
回答by Iman
there are some special quotes characters which are not removed by HtmlEncode and will not be displayed in Edge or IE correctly like ” and “ . you can extent replacing these characters with something like below function.
有一些特殊的引号字符没有被 HtmlEncode 删除,并且不会像 ” 和 “ 那样在 Edge 或 IE 中正确显示。你可以用下面的函数来替换这些字符。
private string RemoveJunkChars(string input)
{
return HttpUtility.HtmlEncode(input.Replace("”", "\"").Replace("“", "\""));
}
回答by fordrof
For those in the future looking for a simple way to do this in Razor pages, use the following:
对于将来在 Razor 页面中寻找一种简单方法来执行此操作的人,请使用以下内容:
In .cshtml:
在 .cshtml 中:
@Html.Raw(Html.Encode("<span>blah<span>"))
In .cshtml.cs:
在 .cshtml.cs 中:
string rawHtml = Html.Raw(Html.Encode("<span>blah<span>"));
