save the content into .ascx file, then in your page<%@ Register TagPrefix="mspuc" TagName="SiteHeader" Src="YourFile.ascx" %>....<mspuc:SiteHeader id="SiteHeader1" runat="server" />
例如 string ss = "<Script>alert(1);</script>"; Response.Write( Page.Server.HtmlEncode( ss )+ "<br>" );
TO dragontt(龙人) : 问题在于从数据库取出来时,并没有"<br>"等HTML标记,回车在数据库里只是空格,所以无从还原
use PlaceHolder or LiteralControl aspx: <asp:PlaceHolder id="ph" runat="Server" /><asp:LiteralControl id="lc" runat="Server" />.... if you are using code-behind, declare protected PlaceHolder ph; protected LiteralControl lc;then read from the database, .... LiteralControl lc2 = new LiteralControl("YourText"); ph.Controls.Add(lc2); lc.Text = "YourText";
if your code is plain-text, then doLiteralControl lc2 = new LiteralControl("<PRE>YourText</PRE>"); ph.Controls.Add(lc2); lc.Text = "<PRE>YourText</PRE>";
我的这段文字是从数据库里取出来的,不能做死的
string ss = "<Script>alert(1);</script>";
Response.Write( Page.Server.HtmlEncode( ss )+ "<br>" );
问题在于从数据库取出来时,并没有"<br>"等HTML标记,回车在数据库里只是空格,所以无从还原
aspx:
<asp:PlaceHolder id="ph" runat="Server" /><asp:LiteralControl id="lc" runat="Server" />....
if you are using code-behind, declare
protected PlaceHolder ph;
protected LiteralControl lc;then read from the database,
....
LiteralControl lc2 = new LiteralControl("YourText");
ph.Controls.Add(lc2);
lc.Text = "YourText";
ph.Controls.Add(lc2);
lc.Text = "<PRE>YourText</PRE>";