ASP.NET Tutorial/Development/Javascript — различия между версиями
Admin (обсуждение | вклад) м (1 версия) |
|
(нет различий)
|
Версия 18:30, 26 мая 2010
Script Injection
<source lang="csharp">
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="ScriptInjection" ValidateRequest="false"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server">
<title>Untitled Page</title>
</head> <body>
<form id="form1" runat="server"> <asp:TextBox id="txtInput" runat="server" Width="298px"><script>alert("Script Injection");</script></asp:TextBox> <asp:Button id="cmdSubmit" runat="server" Text="Submit" OnClick="cmdSubmit_Click"></asp:Button> <asp:Label id="lblInfo" runat="server"></asp:Label> </form>
</body> </html> File: Default.aspx.cs using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; public partial class ScriptInjection : System.Web.UI.Page {
protected void cmdSubmit_Click(object sender, EventArgs e) { lblInfo.Text = txtInput.Text; }
}</source>