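将 JS 脚本在客户端编码,以躲避 ASP.NET 的请求验证(Request Validation),提交到服务器后再解码。注意:这样做等于绕过了请求验证这层防护,解码得到的内容仍然是不可信输入;在保存或输出到页面之前必须按白名单过滤标签和属性,不需要显示为 HTML 的地方应保持 HTML 编码,否则会形成存储型 XSS。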
解决
对编码的字符串解码
借助控件
<%-- Grid whose RowDataBound event is wired to GridViewData_RowDataBound in the code-behind.
     No columns are declared here, so they are presumably auto-generated from the data source (confirm). --%>
<asp:GridView ID="GridViewData" runat="server" OnRowDataBound="GridViewData_RowDataBound"> </asp:GridView>
实现
/// <summary>
/// RowDataBound handler for GridViewData. Tags every cell with an Excel number-format
/// style and, for data rows only, HTML-decodes the cell text.
/// </summary>
/// <param name="sender">The grid raising the event (not used).</param>
/// <param name="e">Event data carrying the row that was just bound.</param>
/// <remarks>
/// Server.HtmlDecode turns entity-encoded text back into raw characters, so whatever the
/// bound value contains is written to the page as live markup. Only bind values here that
/// were sanitized against an allow-list before storage; plain-text columns should stay
/// encoded, otherwise stored script in the data executes in the viewer's browser.
/// </remarks>
protected void GridViewData_RowDataBound(object sender, GridViewRowEventArgs e)
{
    GridViewRow row = e.Row;

    // Applied regardless of row type; presumably keeps Excel from reformatting
    // exported values (the "@" format) - confirm against the export path.
    foreach (TableCell styledCell in row.Cells)
    {
        styledCell.Attributes.Add("style", "vnd.ms-excel.numberformat:@");
    }

    // Decoding is limited to data rows; other row types keep their text as bound.
    if (row.RowType != DataControlRowType.DataRow)
    {
        return;
    }

    // NOTE(review): this decodes every column of the row, not just the one that is
    // meant to hold HTML. Narrowing it to that column would reduce the XSS surface.
    foreach (TableCell dataCell in row.Cells)
    {
        dataCell.Text = Server.HtmlDecode(dataCell.Text);
    }
}
加上后
编码控件
<%@ Control Language="C#" AutoEventWireup="true" CodeFile="WebHtmlTextBox.ascx.cs" Inherits="CommonDrops_WebHtmlTextBox" %> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> <asp:Literal ID="Literal1" runat="server"></asp:Literal><asp:HiddenField ID="HiddenField1" runat="server" />
<%-- TextBox1 takes the user's input, Literal1 receives the script block generated by the
     code-behind, and HiddenField1 carries the token-encoded text back on postback.
     The hidden field is client-controlled: treat its decoded value as untrusted input. --%>
cs 文件
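using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

/// <summary>
/// User control that lets a page accept markup in a text box: a generated client-side
/// function swaps characters and keywords for "NN^NN" tokens, stores the result in a
/// hidden field and clears the text box before the form is posted; the server then
/// reverses the substitution with <see cref="ConvertHtmlJieMaByCs"/>.
/// </summary>
/// <remarks>
/// The token encoding exists only so the posted value contains no markup characters.
/// It is not a security control: the hidden field is written by the browser, so a client
/// can post any token sequence directly. The decoded string is therefore untrusted HTML.
/// Sanitize it against an allow-list of tags and attributes before storing or rendering
/// it, and HTML-encode it wherever markup is not intended.
/// </remarks>
public partial class CommonDrops_WebHtmlTextBox : System.Web.UI.UserControl
{
    // Token -> literal pairs, applied in this order when decoding. The order and the
    // values mirror the replace() calls emitted by ConvertHtmlBianMaByScript.
    // "18^18" is never produced by the client script (every ';' has already become
    // "13^13" by then) but is still decoded so existing callers see no change.
    private static readonly string[,] DecodeTable =
    {
        { "01^01", "<" },
        { "02^02", ">" },
        { "03^03", "\"" },
        { "04^04", "=" },
        { "11^11", " " },
        { "12^12", "function" },
        { "13^13", ";" },
        { "14^14", "http" },
        { "15^15", "{" },
        { "16^16", "}" },
        { "17^17", ":" },
        { "18^18", ";" },
        { "19^19", "script" }
    };

    /// <summary>Emits the encoder script into Literal1 on the first (non-postback) load.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            this.Literal1.Text = ConvertHtmlBianMaByScript(this.TextBox1, this.HiddenField1);
        }
    }

    /// <summary>
    /// Switches the text box to multi-line mode and makes <paramref name="button"/> run
    /// the encoder function on click, before the form is submitted.
    /// </summary>
    /// <param name="button">The submit button that should trigger the encoding.</param>
    public void SetTextBox(Button button)
    {
        AttachEncoder(button);
    }

    /// <summary>
    /// Same as <see cref="SetTextBox(Button)"/>, and also sizes the text box.
    /// </summary>
    /// <param name="button">The submit button that should trigger the encoding.</param>
    /// <param name="iRow">Number of visible text rows.</param>
    /// <param name="isPixel">True to read <paramref name="iWidth"/> as pixels, false as a percentage.</param>
    /// <param name="iWidth">Width of the text box in the unit selected by <paramref name="isPixel"/>.</param>
    public void SetTextBox(Button button, int iRow, bool isPixel, int iWidth)
    {
        AttachEncoder(button);
        this.TextBox1.Width = isPixel ? Unit.Pixel(iWidth) : Unit.Percentage(iWidth);
        this.TextBox1.Rows = iRow;
    }

    /// <summary>
    /// The inner text box. Assigning a new one regenerates the encoder script so that it
    /// targets the new control's client id.
    /// </summary>
    public TextBox _TextBox
    {
        get { return this.TextBox1; }
        set
        {
            this.TextBox1 = value;
            this.Literal1.Text = ConvertHtmlBianMaByScript(this.TextBox1, this.HiddenField1);
        }
    }

    /// <summary>
    /// The decoded text posted through the hidden field. Reading the property also writes
    /// the decoded text back into the text box.
    /// </summary>
    /// <remarks>
    /// The returned string is raw, client-supplied markup; sanitize or encode it before
    /// it reaches a page, a query or a log.
    /// </remarks>
    public string _Value
    {
        get
        {
            string decoded = ConvertHtmlJieMaByCs(this.HiddenField1.Value);
            this.TextBox1.Text = decoded;
            return decoded;
        }
    }

    /// <summary>
    /// Builds the script block that defines <c>converthtml&lt;ID&gt;()</c>: it reads the text
    /// box, replaces markup characters and keywords with tokens, copies the result into
    /// the hidden field, empties the text box and returns true so the postback proceeds.
    /// </summary>
    /// <param name="tb">Text box whose value is encoded.</param>
    /// <param name="hid">Hidden field that receives the encoded value.</param>
    /// <returns>The complete script element as a string.</returns>
    public string ConvertHtmlBianMaByScript(TextBox tb, HiddenField hid)
    {
        // NOTE(review): the function name is built from tb.ID, which is the same for every
        // instance of this control; two instances on one page would define the same
        // function name twice. Confirm the control is used once per page.
        string[] parts =
        {
            "<script type=\"text/javascript\">",
            "function converthtml" + tb.ID + "()",
            "{",
            "var txt=document .getElementById (\"" + tb.ClientID + "\").value;",
            "txt=txt.replace(/</g,\"01^01\");",
            "txt=txt.replace(/>/g,\"02^02\");",
            "txt=txt.replace(/\"/g,\"03^03\");",
            "txt=txt.replace(/=/g,\"04^04\");",
            "txt=txt.replace(/ /g,\"11^11\");",
            "txt=txt.replace(/function/g,\"12^12\");",
            "txt=txt.replace(/;/g,\"13^13\");",
            "txt=txt.replace(/http/g,\"14^14\");",
            "txt=txt.replace(/{/g,\"15^15\");",
            "txt=txt.replace(/}/g,\"16^16\");",
            "txt=txt.replace(/:/g,\"17^17\");",
            // Kept from the original; it can no longer match because ';' was replaced above.
            "txt=txt.replace(/;/g,\"18^18\");",
            "txt=txt.replace(/script/g,\"19^19\");",
            "document .getElementById (\"" + hid.ClientID + "\").value=txt;",
            "document .getElementById (\"" + tb.ClientID + "\").value=\"\";",
            "return true;",
            "}",
            "</script> "
        };

        return string.Concat(parts);
    }

    /// <summary>
    /// Reverses the client-side token substitution.
    /// </summary>
    /// <param name="obj">The encoded value; its <c>ToString()</c> result is decoded.</param>
    /// <returns>
    /// The decoded text, or an empty string when <paramref name="obj"/> is null or empty.
    /// </returns>
    /// <remarks>
    /// The mapping is not lossless: text that already contained a token such as "01^01"
    /// before encoding comes back as the mapped character. The result is untrusted
    /// markup and must be sanitized or encoded by the caller.
    /// </remarks>
    public string ConvertHtmlJieMaByCs(object obj)
    {
        if (obj == null)
        {
            return string.Empty;
        }

        string text = obj.ToString();
        if (string.IsNullOrEmpty(text))
        {
            return string.Empty;
        }

        for (int i = 0; i < DecodeTable.GetLength(0); i++)
        {
            text = text.Replace(DecodeTable[i, 0], DecodeTable[i, 1]);
        }

        return text;
    }

    // Shared by both SetTextBox overloads: multi-line mode plus the client-side hook.
    private void AttachEncoder(Button button)
    {
        this.TextBox1.TextMode = TextBoxMode.MultiLine;
        button.OnClientClick = "return converthtml" + TextBox1.ID + "()";
    }
}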