Legal submission of HTML tags (2)

Submit a valid HTML tag (2)

A inherits property is used to set the class associated with the page in the background code. We open the file referred to by the CodeFile property and find the class name that the attribute refers to. However, only the user-defined event handlers are stored here, and there is no declaration of any server-side objects.

But here we find that the class is a partial (partial) class, which means that the system also hides a file that holds another part of the class. In this hidden file, there is the declaration and property setting code for all server-side controls. These two partial classes have completely declared a class that inherits from the page class.

As a page, because it will eventually be interpreted as a class by the system, the relationship between the page and the background code class is an inheritance. So, here the Inherits property is set to the inherited class.

2. Example Description

The writer is bored and writes a simple HTML editing control.

The effect is good, but it is always said to be potentially dangerous when submitting data in an ASP. The check code did not find any danger, just the content of the submission has some line-wrapping label "<br>". This is to let the input content in the display of the time to change a line, but has been through.

Very helpless! However, after checking the information to know, in this need to submit information on the page of the @page instructions to simply set a bit.

In order to show the effect more visually, we can simply enter HTML text in the text box to commit, instead of using the HTML edit control.

3. Example Application

"Example 3-1" I would like to submit a valid HTML tag.

(1) We create a new project and create a new Web Form page.

(2) in the foreground page, drag a text box with the ID property set to Txtcontent.

(3) on the foreground page, drag a command button with the ID property set to the Btnsubmit,text property set to submit.

(4) Wrap, drag a Label control into the page, and set the ID property to Lblshow.

(5) in page Design view, double-click the command button btnsubmit, and add an event.

The page code is as follows:

(6) When the user clicks the command button, the value in the text box should be displayed in the label, here we modify the command button Btnsubmit event handler, the code is as follows:

(7) Finally, of course, to set the @page command on the page, we need to add a ValidateRequest property, and set its value to false. The modified @page instruction code is as follows:

4. Running Results

Save the file, run the project, and access the page.

Let's first enter "hello!<br> Hello!" in the text box. "String, and then click the Submit button, as shown in result 3-1.

You can see "hello!" in the results of the label display. and "Hello!" "A line has been changed between them.

However, at this point we do not see the benefit of modifying this property, we delete the ValidateRequest property setting in the @page directive, and then enter "hello!<br> Hello!" , click the Submit button, as shown in result 3-2.

Figure 3-1 Running Results

Figure 3-2 Running results after deleting the ValidateRequest property

As you can see, something went wrong. A potentially dangerous request.form value was detected.

5. Example Analysis

SOURCE parsing: This example creates a TextBox control, a button control, and a label control that displays the value in the TextBox control using a Label control when the button control submits the form.

During the server submission process, the system automatically verifies the security of the request, and if an HTML tag is checked, the system considers the request to be unsafe. We need to close this page to verify the request data, set the ValidateRequest property value of this page @page instruction to False.

Legal submission of HTML tags (2)