The difference between <%: %> and <%= %> in ASP.NET MVC

This article explains what the Html.Encode() method does in ASP.NET MVC and how to use it, compares <%: %> with <%= %>, and stresses why output encoding matters for security.


<%: %> is equivalent to calling Html.Encode() on the expression: the value is HTML-encoded before it is written to the response, unless it is already an IHtmlString.

// Controller action: puts a string containing a script tag into ViewData
public ActionResult HtmlEncodeDemo()
{
    ViewData["strscript"] = "<script>alert('demo');</script>";
    return View();
}

// In the view (.aspx):
<%= ViewData["strscript"] %>  // written raw: the browser runs the script and shows an alert box
<%: ViewData["strscript"] %>  // HTML-encoded: the page displays the literal text <script>alert('demo');</script>
<%: Html.Raw("<p>我是一个Html.Raw!</p>") %>          // outputs one line: 我是一个Html.Raw! (IHtmlString is not re-encoded)
<%: new HtmlString("<p>我是一个Html.Raw!</p>") %>    // outputs one line: 我是一个Html.Raw!
<%: new MvcHtmlString("<p>我是一个Html.Raw!</p>") %> // outputs one line: 我是一个Html.Raw!

Prefer <%: %> over <%= %> wherever possible: <%= %> writes the value unencoded, so any user-controlled data rendered with it becomes a cross-site scripting risk. Only values that are deliberately marked as trusted HTML (Html.Raw(), HtmlString, MvcHtmlString) bypass the encoding applied by <%: %>.
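The following is an added example, not code from the original post or from ASP.NET itself. It models the two tags in JavaScript: render() treats <%= key %> as raw output and <%: key %> as encoded output that is skipped only for values wrapped in an HtmlString marker (the role IHtmlString plays for Html.Raw(), HtmlString and MvcHtmlString), and findRawOutputTags() lists every <%= %> in a view source so a code review can check each one. The encoder, the key-only expression syntax, and the sample ViewData are assumptions made for the example; the real view engine evaluates arbitrary C# expressions.

```javascript
// Added example (not from the original post): a small model of ASP.NET's
// '<%= %>' (raw) and '<%: %>' (encoded) output tags, plus a review helper.

// Approximation of HttpUtility.HtmlEncode: the five characters that change
// meaning in HTML text and attribute context. '&' is replaced first so the
// entities produced by later replacements are not encoded a second time.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Marker type meaning "already trusted HTML, do not encode" (cf. HtmlString /
// MvcHtmlString in MVC). Only wrap content the application itself produced.
class HtmlString {
  constructor(html) { this.html = html; }
  toString() { return this.html; }
}
const htmlRaw = (html) => new HtmlString(html); // stand-in for Html.Raw()

// Render '<%= key %>' and '<%: key %>' against a ViewData-like object.
// Assumption for the example: the expression is a plain ViewData key.
function render(template, viewData) {
  return template.replace(/<%([=:])\s*([A-Za-z_]\w*)\s*%>/g, (_, tag, key) => {
    if (!(key in viewData)) throw new Error(`unknown ViewData key: ${key}`);
    const value = viewData[key];
    if (tag === '=') return String(value);                 // raw: never encoded
    return value instanceof HtmlString ? value.html : htmlEncode(value);
  });
}

// Review helper: every '<%= %>' in a view, with its line number, so each
// raw-output site can be checked for user-controlled data.
function findRawOutputTags(viewSource) {
  const hits = [];
  viewSource.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(/<%=\s*[\s\S]*?%>/g)) {
      hits.push({ line: i + 1, tag: m[0] });
    }
  });
  return hits;
}

// Constructed sample data mirroring the post's HtmlEncodeDemo action.
const viewData = {
  strscript: "<script>alert('demo');</script>",
  para: htmlRaw('<p>I am an Html.Raw!</p>'),
};

// Constructed view source: one raw tag, two encoded tags.
const view = [
  '<div><%= strscript %></div>',
  '<div><%: strscript %></div>',
  '<div><%: para %></div>',
].join('\n');

console.log(render(view, viewData));
console.log(findRawOutputTags(view));
```

Running it shows the first line carrying a live script tag, the second carrying only entity-encoded text, and the third carrying the trusted paragraph markup unchanged; findRawOutputTags() reports the single <%= %> on line 1 as the site to review.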
