I'm using an Anti XSS Output encoder similar t开发者_如何学Pythono the one htat Phil Hacck put forward here
Unfortuantely, it's running rampant over my Site.master and fouling up the meta-tags like so:
<meta name="robots" content="all, follow" />
And in Site.master it is written simply as:
<meta name="robots" content="all, follow" />
Which would be the correct output under normal circumstances, but I'd prefer to be able to skip the meta tags in the site.master.
Is there a way to do this while running your own HttpEncoder?
I don't think you get that information, but you could try whitelisting allowed values, if you don't have many meta tags like this.
A simplified version would be:
protected override void HtmlAttributeEncode(string value, TextWriter output)
{
if (value != "all, follow")
{
output.Write(AntiXss.HtmlAttributeEncode(value));
}
else
{
output.Write(value);
}
}
Not ideal, but insofar as I can see, HttpEncoder doesn't hand you context.
精彩评论