ASP.NET Tutorial/Development/Javascript

Материал из .Net Framework эксперт
Перейти к: навигация, поиск

Script Injection

   <source lang="csharp">

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="ScriptInjection" ValidateRequest="false"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server">

   <title>Untitled Page</title>

</head> <body>

   <form id="form1" runat="server">
   <asp:TextBox id="txtInput" runat="server" Width="298px"><script>alert("Script Injection");</script></asp:TextBox>
 <asp:Button id="cmdSubmit" runat="server" Text="Submit" OnClick="cmdSubmit_Click"></asp:Button>
 <asp:Label id="lblInfo" runat="server"></asp:Label>
   </form>

</body> </html> File: Default.aspx.cs using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; public partial class ScriptInjection : System.Web.UI.Page {

 protected void cmdSubmit_Click(object sender, EventArgs e)
 {
   lblInfo.Text = txtInput.Text;
 }

}</source>