//CleanString.cs文件
//问下大家这个类是用来干什么的?
using System;
//using System.Text;
namespace SCard
{
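/// <summary>
/// Converts plain text to and from the HTML-escaped form used when user input is shown in a page.
/// </summary>
/// <remarks>
/// This is a hand-written encoder for HTML text content only. It does not make a value safe
/// inside an unquoted attribute, a URL, a script block or a style block. Where the framework
/// encoder is available (HttpUtility.HtmlEncode / WebUtility.HtmlEncode), prefer calling it at
/// output time over storing pre-escaped text.
/// </remarks>
public sealed class CleanString
{
    // NOTE(review): the entity literals in this class are reconstructed. The listing shows them
    // already decoded (a replacement of "<" by "<", and an unterminated """), which neither
    // compiles nor escapes anything. The named entities quot, lt, gt and nbsp are assumed.

    /// <summary>
    /// Escapes text so that it is displayed literally instead of being parsed as markup.
    /// </summary>
    /// <param name="inputString">Raw text; may be null or empty.</param>
    /// <returns>The trimmed, escaped text, or an empty string for null or empty input.</returns>
    public static string htmlInputText(string inputString)
    {
        if (string.IsNullOrEmpty(inputString))
        {
            return "";
        }

        return inputString.Trim()
            // The ampersand goes first: otherwise entities the caller already typed pass through
            // unchanged and htmlOutputText later turns them into characters that were never entered.
            .Replace("&", "&amp;")
            // Double quotes were not escaped at all, which matters as soon as the result is placed
            // in a quoted attribute. A numeric reference is used because the quot entity is
            // already taken by the apostrophe mapping below.
            .Replace("\"", "&#34;")
            // Kept as the listing pairs it with htmlOutputText. A browser renders this entity as
            // a double quote, so apostrophes are displayed as '"' (confirm whether that is intended).
            .Replace("'", "&quot;")
            .Replace("<", "&lt;")
            .Replace(">", "&gt;")
            .Replace(" ", "&nbsp;")
            // Line breaks become markup last, so the "<br>" written here is not escaped again.
            .Replace("\n", "<br>");
    }

    /// <summary>
    /// Reverses <see cref="htmlInputText"/>, for example to put stored text back into an edit box.
    /// </summary>
    /// <param name="inputString">Escaped text; may be null or empty.</param>
    /// <returns>The trimmed plain text, or an empty string for null or empty input.</returns>
    public static string htmlOutputText(string inputString)
    {
        if (string.IsNullOrEmpty(inputString))
        {
            return "";
        }

        return inputString.Trim()
            // Line-break markup is undone before the angle brackets are restored; in the opposite
            // order a literal "<br>" typed by the user would come back as a newline.
            .Replace("<br>", "\n")
            .Replace("&nbsp;", " ")
            .Replace("&gt;", ">")
            .Replace("&lt;", "<")
            .Replace("&quot;", "'")
            .Replace("&#34;", "\"")
            // The ampersand is restored last so that an escaped ampersand followed by "lt;" is
            // not mistaken for an escaped angle bracket.
            .Replace("&amp;", "&");
    }
}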
}
//问下大家这个类是用来干什么的?
using System;
//using System.Text;
namespace SCard
{
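/// <summary>
/// Converts plain text to and from the HTML-escaped form used when user input is shown in a page.
/// </summary>
/// <remarks>
/// This is a hand-written encoder for HTML text content only. It does not make a value safe
/// inside an unquoted attribute, a URL, a script block or a style block. Where the framework
/// encoder is available (HttpUtility.HtmlEncode / WebUtility.HtmlEncode), prefer calling it at
/// output time over storing pre-escaped text.
/// </remarks>
public sealed class CleanString
{
    // NOTE(review): the entity literals in this class are reconstructed. The listing shows them
    // already decoded (a replacement of "<" by "<", and an unterminated """), which neither
    // compiles nor escapes anything. The named entities quot, lt, gt and nbsp are assumed.

    /// <summary>
    /// Escapes text so that it is displayed literally instead of being parsed as markup.
    /// </summary>
    /// <param name="inputString">Raw text; may be null or empty.</param>
    /// <returns>The trimmed, escaped text, or an empty string for null or empty input.</returns>
    public static string htmlInputText(string inputString)
    {
        if (string.IsNullOrEmpty(inputString))
        {
            return "";
        }

        string escaped = inputString.Trim();

        // The ampersand goes first: otherwise entities the caller already typed pass through
        // unchanged and htmlOutputText later turns them into characters that were never entered.
        escaped = escaped.Replace("&", "&amp;");

        // Double quotes were not escaped at all, which matters as soon as the result is placed
        // in a quoted attribute. A numeric reference is used because the quot entity is already
        // taken by the apostrophe mapping below.
        escaped = escaped.Replace("\"", "&#34;");

        // Kept as the listing pairs it with htmlOutputText. A browser renders this entity as a
        // double quote, so apostrophes are displayed as '"' (confirm whether that is intended).
        escaped = escaped.Replace("'", "&quot;");

        escaped = escaped.Replace("<", "&lt;");
        escaped = escaped.Replace(">", "&gt;");
        escaped = escaped.Replace(" ", "&nbsp;");

        // Line breaks become markup last, so the "<br>" written here is not escaped again.
        escaped = escaped.Replace("\n", "<br>");
        return escaped;
    }

    /// <summary>
    /// Reverses <see cref="htmlInputText"/>, for example to put stored text back into an edit box.
    /// </summary>
    /// <param name="inputString">Escaped text; may be null or empty.</param>
    /// <returns>The trimmed plain text, or an empty string for null or empty input.</returns>
    public static string htmlOutputText(string inputString)
    {
        if (string.IsNullOrEmpty(inputString))
        {
            return "";
        }

        string plain = inputString.Trim();

        // Line-break markup is undone before the angle brackets are restored; in the opposite
        // order a literal "<br>" typed by the user would come back as a newline.
        plain = plain.Replace("<br>", "\n");

        plain = plain.Replace("&nbsp;", " ");
        plain = plain.Replace("&gt;", ">");
        plain = plain.Replace("&lt;", "<");
        plain = plain.Replace("&quot;", "'");
        plain = plain.Replace("&#34;", "\"");

        // The ampersand is restored last so that an escaped ampersand followed by "lt;" is not
        // mistaken for an escaped angle bracket.
        plain = plain.Replace("&amp;", "&");
        return plain;
    }
}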
}
不过这个转换其实太简单了,丢了很多东西。你看csdn的这个录入框也会把录入的格式在显示时变成错位的格式。
这样如果是<br>,在显示的时候就不会当成是个回车,而是仍然显示为<br>
这样对于XSS(跨站点脚本)攻击是一个非常好的防范手段。当然,编码后显示的时候也不会因为含有HTML代码破坏了页面布局