asp.net(C#) 编码解码(HtmlEncode与HtmlEncode)

Default.aspx

<% @ Page ValidateRequest = " false "  Language = " C# "  AutoEventWireup = " true "  CodeFile = " Default.aspx.cs "  Inherits = " test_Default "   %>

<! DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >

< html  xmlns ="http://www.w3.org/1999/xhtml"   >
< head  runat ="server" >
     < title > asp.net(C#) 编码解码(HtmlEncode与HtmlEncode) </ title >
</ head >
< body >
     < form  id ="form1"  runat ="server" >
     < div >
         < asp:Label  ID ="lblShow"  runat ="server"  Text ="Label" ></ asp:Label >
         < asp:TextBox  ID ="txtInput"  runat ="server"  Height ="194px"  TextMode ="MultiLine"  Width ="305px" ></ asp:TextBox >
         < asp:Button  ID ="btnOk"  runat ="server"  Text ="提交"  OnClick ="btnOk_Click"   /></ div >
     </ form >
</ body >
</ html >

Default.aspx.cs

using  System;
using  System.Data;
using  System.Configuration;
using  System.Collections;
using  System.Web;
using  System.Web.Security;
using  System.Web.UI;
using  System.Web.UI.WebControls;
using  System.Web.UI.WebControls.WebParts;
using  System.Web.UI.HtmlControls;
/* **********************编码研究***********************
 * 1.默认情况是不允许用户在TextBox中输入html标签的,
 *   如果需要输入,设置Page的ValidateRequest="false"
 * 2.可以把输入的html标签,比如<input>直接存放在数据库中,
 *   只是在输出的时候编码,防止原样输出打乱页面布局.或者呈现html元素.
 **************************************************** */
public   partial   class  test_Default : System.Web.UI.Page
{
     protected   void  Page_Load( object  sender, EventArgs e)
    {

    }
     protected   void  btnOk_Click( object  sender, EventArgs e)
    {
        lblShow.Text  =  htmlEncode(txtInput.Text);
    } 
     ///   <summary>
     ///  对输入的html编码,同时对回车与空格进行转换
     ///   </summary>
     ///   <param name="str"></param>
     ///   <returns></returns>
     public   string  htmlEncode( string  str)
    {
         return  Server.HtmlEncode(str).Replace( " \n " ,  " <br/> " ).Replace( "   " ,  "   " );
    }

}