/// <summary>
/// HtmlEncode to prevent XSS: runs Server.HtmlEncode over every string search field of
/// <paramref name="arg"/>, rewriting the fields in place.
/// NOTE(review): encoding at input time is not an XSS control on its own -- Razor's @ output
/// encoding is the defence to rely on -- and it alters the values before they reach booksService
/// (a search value containing &amp;, &lt;, &gt; or a quote no longer matches the stored text).
/// Confirm with the view/service before changing or removing this step.
/// </summary>
/// <param name="arg">Model-bound search arguments; mutated in place. Must not be null.</param>
public void ModelHtmlEncode(Models.BooksSearchArg arg)
{
    // Same encoder for every field; Server.HtmlEncode is documented to pass null through as null.
    Func<string, string> encode = Server.HtmlEncode;
    arg.BookClassId = encode(arg.BookClassId);
    arg.BookName = encode(arg.BookName);
    arg.BookStatusCode = encode(arg.BookStatusCode);
    arg.KeeperId = encode(arg.KeeperId);
}
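/// <summary>
/// Look up a single book by its BookId.
/// </summary>
/// <param name="id">
/// Book id. It is an <c>int</c>, so no HtmlEncode is needed here; the old commented-out
/// encode/convert of the id was dead code and has been removed.
/// </param>
/// <returns>
/// The first book booksService returns for that id, with its fields HtmlDecoded, or
/// <c>null</c> when no book matches.
/// NOTE(review): decoding reverses the input-time encode, so callers receive raw text;
/// the view must still encode on output (Razor @ does; avoid Html.Raw on these fields).
/// </returns>
public Models.Books GetBookDetail(int id)
{
    Models.BooksSearchArg arg = new Models.BooksSearchArg { BookId = id };
    Models.Books books = this.booksService.GetBooks(arg).FirstOrDefault();
    // FirstOrDefault yields null for an unknown id; do not hand null to the decoder
    // (a NullReferenceException here would turn a "not found" into a 500).
    if (books != null)
    {
        ModelHtmlDecode(books);
    }
    return books;
}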
/// <summary>
/// Book search page: HtmlEncodes the incoming search arguments, runs the search, HtmlDecodes
/// every result, fills the drop-down lists and renders the "Index" view with the results in
/// ViewBag.SearchResult.
/// NOTE(review): the encode-then-decode round trip means the view receives raw (decoded) values.
/// Razor's @ syntax encodes them on output, but any Html.Raw on these fields in the view would
/// reintroduce XSS -- check the view before trusting this as an XSS control.
/// </summary>
/// <param name="arg">Model-bound search arguments; mutated in place by ModelHtmlEncode.</param>
/// <returns>The "Index" view.</returns>
public ActionResult Index(Models.BooksSearchArg arg)
{
    ModelHtmlEncode(arg);

    // Fetch, then decode every hit in place before it reaches the view.
    List<Models.Books> searchResult = this.booksService.GetBooks(arg);
    searchResult.ForEach(ModelHtmlDecode);

    ViewBag.SearchResult = searchResult;
    SetDropDownListItmes();
    return View("Index");
}