How to prevent XSS attacks in the Telerik RadGrid control
Source: Internet  Editor: 程序博客网  Time: 2024/04/20 16:40
One: for server-side data binding, you can:
1) If it is the RadGrid control of the RadGrid for ASP.NET AJAX version, use the HtmlEncode property:
<MasterTableView>
    <Columns>
        <telerik:GridBoundColumn UniqueName="Description" DataField="Description" HtmlEncode="true" />
    </Columns>
</MasterTableView>
2) If it is RadGrid for ASP.NET, the only option is to encode manually in the ItemDataBound event:
protected void RadGrid1_ItemDataBound(object sender, GridItemEventArgs e)
{
    if (e.Item is GridDataItem)
    {
        GridDataItem dataItem = (GridDataItem)e.Item;
        // Only encode display rows; edit-mode rows render input controls instead of text.
        if (!e.Item.IsInEditMode)
        {
            // HtmlEncode the cell text so any markup contained in the data is shown literally.
            dataItem["BoundColumnUniqueName"].Text = Server.HtmlEncode(dataItem["BoundColumnUniqueName"].Text);
        }
    }
}
Two: for client-side data binding, use the JavaScript escape() function (see http://www.telerik.com/community/forums/aspnet-ajax/grid/htmlencode-true-not-honoured-on-a-gridboundcolumn-when-using-clientside-data-binding.aspx); HtmlEncode="true" on a GridBoundColumn is not honoured when the grid is bound on the client.
<ClientSettings>
    <DataBinding Location="WebService.asmx" SelectMethod="GetData" />
</ClientSettings>
In the .aspx.cs file:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Services;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Nothing to do on the server; the grid is populated from the client via the page method below.
    }

    // Page method called from JavaScript (PageMethods.GetData); returns the raw, unencoded records.
    [WebMethod]
    public static List<Customer> GetData()
    {
        DataClassesDataContext context = new DataClassesDataContext();
        return context.Customers.Take(10).ToList();
    }
}
In the .aspx file:
<head runat="server">
<title></title>
<telerik:RadScriptBlock runat="server" ID="RadScriptBlock1">
<script type="text/javascript">
function pageLoad()
{
PageMethods.GetData(loadGrid);
}
function loadGrid(result)
{
result = ensureDataSource(result);
var grid = $find("<%=RadGrid1.ClientID %>");
grid.get_masterTableView().set_dataSource(result);
grid.get_masterTableView().dataBind();
}
function ensureDataSource(result)
{
    for (var i = 0, j = result.length; i < j; i++)
    {
        // escape every string field of the current record (result[i]) before it is bound to the grid
        for (var field in result[i])
        {
            if (typeof result[i][field] === "string")
            {
                result[i][field] = escape(result[i][field]);
            }
        }
    }
    return result;
}
</script>
</telerik:RadScriptBlock>
</head>
<body>
<form id="form1" runat="server">
<asp:ScriptManager runat="server" ID="ScriptManager1" EnablePageMethods="true"></asp:ScriptManager>
<div>
<telerik:RadGrid runat="server" ID="RadGrid1"
AllowPaging="true" AllowFilteringByColumn="true">
<MasterTableView AutoGenerateColumns="False" CellSpacing="-1" DataKeyNames="CustomerID"
>
<Columns>
<telerik:GridBoundColumn DataField="CustomerID" HeaderText="CustomerID"
ReadOnly="True" SortExpression="CustomerID" UniqueName="CustomerID">
</telerik:GridBoundColumn>
<telerik:GridBoundColumn DataField="CompanyName" HeaderText="CompanyName"
SortExpression="CompanyName" UniqueName="CompanyName">
</telerik:GridBoundColumn>
<telerik:GridBoundColumn DataField="ContactName" HeaderText="ContactName"
SortExpression="ContactName" UniqueName="ContactName">
</telerik:GridBoundColumn>
<telerik:GridBoundColumn DataField="ContactTitle" HeaderText="ContactTitle"
SortExpression="ContactTitle" UniqueName="ContactTitle">
</telerik:GridBoundColumn>
</Columns>
</MasterTableView>
<ClientSettings>
<ClientEvents OnCommand="function(){}" />
</ClientSettings>
</telerik:RadGrid>
</div>
</form>
</body>
Three: an escape() example
This function encodes special characters, with the exception of: * @ - _ + . /
<script type="text/javascript">
document.write(escape("Need tips? Visit W3Schools!"));
</script>
Output:
Need%20tips%3F%20Visit%20W3Schools%21
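The following is an added example, not code from the original post or from Telerik. It fills in the ensureDataSource() loop from section two with a concrete record-encoding step and puts the post's escape() output from section three next to an HTML-entity encoder, so the difference is visible: escape() percent-encodes (the grid would display "Need%20tips%3F"), whereas HTML-entity encoding keeps the visible text unchanged and only neutralises markup. The sample rows, the field names and the htmlEncode/legacyEscape helper names are constructed for this example; a real page would call ensureDataSource() on the array returned by PageMethods.GetData() before set_dataSource().

```javascript
// Added example (not from the original post or Telerik): encode string fields of
// client-bound records before they reach the RadGrid.

// HTML-entity encode the five characters that matter in HTML text and attribute contexts.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The post's approach: the legacy global escape() percent-encodes every character
// except * @ - _ + . / (so the visible text changes, e.g. spaces become %20).
function legacyEscape(value) {
  return escape(String(value));
}

// Return a copy of the records with every string field passed through `encode`
// (htmlEncode by default). Non-string fields (ids, numbers, null) are left untouched.
function ensureDataSource(result, encode) {
  encode = encode || htmlEncode;
  return result.map(function (row) {
    var safe = {};
    Object.keys(row).forEach(function (field) {
      safe[field] = typeof row[field] === "string" ? encode(row[field]) : row[field];
    });
    return safe;
  });
}

// Constructed sample of what a GetData() page method might return; the second
// record carries markup and characters that must not be interpreted by the browser.
var sampleRows = [
  { CustomerID: "ALFKI", CompanyName: "Alfreds Futterkiste", ContactName: "Maria Anders", Orders: 6 },
  { CustomerID: "TEST1", CompanyName: "<script>alert(1)</script>", ContactName: "O'Brien & Co", Orders: null }
];

// Stand-alone run: show both encodings side by side for the second record.
var entityEncoded = ensureDataSource(sampleRows);
var percentEncoded = ensureDataSource(sampleRows, legacyEscape);
console.log("HTML entities :", entityEncoded[1].CompanyName);
console.log("escape()      :", percentEncoded[1].CompanyName);
console.log("post's example:", legacyEscape("Need tips? Visit W3Schools!"));
```

In a real page the encoded array is what gets passed to grid.get_masterTableView().set_dataSource(); encoding a copy rather than mutating the response keeps the original values available if the page needs them for something other than rendering (sorting keys, ids).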