添加链接
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
// Create a character array. char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ', 'w', 'o', 'r', 'l', 'd'}; // Write a character array to the client. Response.Write(charArray, 0, charArray.Length); // Write a single characher. Response.Write(';'); // Write a sub-section of a character array to the client. Response.Write(charArray, 0, 5); // // Write an object to the client. object obj = (object)13; Response.Write(obj); // Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _ "w"c, "o"c, "r"c, "l"c, "d"c} ' Write a character array to the client. Response.Write(charArray, 0, charArray.Length) ' Write a single character. Response.Write(";"c) ' Write a sub-section of a character array to the client. Response.Write(charArray, 0, 5) ' ' Write an object to the client. Dim obj As Object obj = CType(13, Object) Response.Write(obj) ' void Write(System::Object ^ obj);
public void Write (object obj);
member this.Write : obj -> unit
Public Sub Write (obj As Object)
void Write(System::String ^ s);
public void Write (string s);
member this.Write : string -> unit
Public Sub Write (s As String)

下列範例會將用戶端的名稱回應回用戶端的瀏覽器。 方法 HtmlEncode 會移除任何可能已在輸入欄位中提交的 UserName 惡意腳本和無效字元。

Response.Write("Hello " + Server.HtmlEncode(Request.QueryString["UserName"]) + "<br>");
Response.Write("Hello " & Server.HtmlEncode(Request.QueryString("UserName")) & "<br>")
    	

如果從 Web 用戶端接收的輸入或從用戶端傳輸回用戶端時,動態產生的 HTML 頁面可能會造成安全性風險。 內嵌在提交至網站的輸入中且稍後寫回給用戶端的惡意腳本,可能似乎源自信任的來源。 此安全性風險稱為跨網站腳本攻擊。 當從您的網站傳輸到用戶端瀏覽器時,您應該一律驗證從用戶端接收的資料。

此外,每當您寫出為 HTML 時,任何收到作為輸入的資料,都應該使用 或 UrlEncode 之類的 HtmlEncode 技術進行編碼,以防止惡意腳本執行。 這項技術適用于未在收到資料時驗證的資料。

當您編碼或篩選資料時,您必須指定網頁的字元集,讓篩選可以識別和移除不屬於該集合的任何位元組序列 (,例如非虛構序列) ,而且可能內嵌惡意腳本。

public:
 void Write(cli::array <char> ^ buffer, int index, int count);
public void Write (char[] buffer, int index, int count);
member this.Write : char[] * int * int -> unit
Public Sub Write (buffer As Char(), index As Integer, count As Integer)
// Create a character array. char[] charArray = {'H', 'e', 'l', 'l', 'o', ',', ' ', 'w', 'o', 'r', 'l', 'd'}; // Write a character array to the client. Response.Write(charArray, 0, charArray.Length); // Write a single characher. Response.Write(';'); // Write a sub-section of a character array to the client. Response.Write(charArray, 0, 5); // <snippet6> // Write an object to the client. object obj = (object)13; Response.Write(obj); // </snippet6> Dim charArray As Char() = {"H"c, "e"c, "l"c, "l"c, "o"c, ","c, " "c, _ "w"c, "o"c, "r"c, "l"c, "d"c} ' Write a character array to the client. Response.Write(charArray, 0, charArray.Length) ' Write a single character. Response.Write(";"c) ' Write a sub-section of a character array to the client. Response.Write(charArray, 0, 5) ' <snippet6> ' Write an object to the client. Dim obj As Object obj = CType(13, Object) Response.Write(obj) ' </snippet6>