// Create a character array.
char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ',
'w', 'o', 'r', 'l', 'd'};
// Write a character array to the client.
Response.Write(charArray, 0, charArray.Length);
// Write a single characher.
Response.Write(';');
// Write a sub-section of a character array to the client.
Response.Write(charArray, 0, 5);
//
// Write an object to the client.
object obj = (object)13;
Response.Write(obj);
//
Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _
"w"c, "o"c, "r"c, "l"c, "d"c}
' Write a character array to the client.
Response.Write(charArray, 0, charArray.Length)
' Write a single character.
Response.Write(";"c)
' Write a sub-section of a character array to the client.
Response.Write(charArray, 0, 5)
'
' Write an object to the client.
Dim obj As Object
obj = CType(13, Object)
Response.Write(obj)
'
void Write(System::Object ^ obj);
public void Write (object obj);
member this.Write : obj -> unit
Public Sub Write (obj As Object)
void Write(System::String ^ s);
public void Write (string s);
member this.Write : string -> unit
Public Sub Write (s As String)
下列範例會將用戶端的名稱回應回用戶端的瀏覽器。 方法
HtmlEncode
會移除任何可能已在輸入欄位中提交的
UserName
惡意腳本和無效字元。
Response.Write("Hello " + Server.HtmlEncode(Request.QueryString["UserName"]) + "<br>");
Response.Write("Hello " & Server.HtmlEncode(Request.QueryString("UserName")) & "<br>")
如果從 Web 用戶端接收的輸入或從用戶端傳輸回用戶端時,動態產生的 HTML 頁面可能會造成安全性風險。 內嵌在提交至網站的輸入中且稍後寫回給用戶端的惡意腳本,可能似乎源自信任的來源。 此安全性風險稱為跨網站腳本攻擊。 當從您的網站傳輸到用戶端瀏覽器時,您應該一律驗證從用戶端接收的資料。
此外,每當您寫出為 HTML 時,任何收到作為輸入的資料,都應該使用 或 UrlEncode 之類的 HtmlEncode 技術進行編碼,以防止惡意腳本執行。 這項技術適用于未在收到資料時驗證的資料。
當您編碼或篩選資料時,您必須指定網頁的字元集,讓篩選可以識別和移除不屬於該集合的任何位元組序列 (,例如非虛構序列) ,而且可能內嵌惡意腳本。
public:
void Write(cli::array <char> ^ buffer, int index, int count);
public void Write (char[] buffer, int index, int count);
member this.Write : char[] * int * int -> unit
Public Sub Write (buffer As Char(), index As Integer, count As Integer)
// Create a character array.
char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ',
'w', 'o', 'r', 'l', 'd'};
// Write a character array to the client.
Response.Write(charArray, 0, charArray.Length);
// Write a single characher.
Response.Write(';');
// Write a sub-section of a character array to the client.
Response.Write(charArray, 0, 5);
// <snippet6>
// Write an object to the client.
object obj = (object)13;
Response.Write(obj);
// </snippet6>
Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _
"w"c, "o"c, "r"c, "l"c, "d"c}
' Write a character array to the client.
Response.Write(charArray, 0, charArray.Length)
' Write a single character.
Response.Write(";"c)
' Write a sub-section of a character array to the client.
Response.Write(charArray, 0, 5)
' <snippet6>
' Write an object to the client.
Dim obj As Object
obj = CType(13, Object)
Response.Write(obj)
' </snippet6>