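/// <summary>
/// HtmlEncode the string search fields of <paramref name="arg"/> in place, as XSS mitigation.
/// </summary>
/// <param name="arg">Search arguments whose BookClassId, BookName, BookStatusCode and KeeperId are encoded.</param>
/// <exception cref="ArgumentNullException"><paramref name="arg"/> is null.</exception>
public void ModelHtmlEncode(BooksSearchArg arg)
{
    // A null model would otherwise surface as a NullReferenceException on the first assignment.
    if (arg == null)
    {
        throw new ArgumentNullException(nameof(arg));
    }

    // Server.HtmlEncode (presumably HttpServerUtility) returns null for a null input,
    // so fields that were not supplied stay null rather than becoming "".
    arg.BookClassId = Server.HtmlEncode(arg.BookClassId);
    arg.BookName = Server.HtmlEncode(arg.BookName);
    arg.BookStatusCode = Server.HtmlEncode(arg.BookStatusCode);
    arg.KeeperId = Server.HtmlEncode(arg.KeeperId);

    // NOTE(review): these encoded values are what booksService searches with, and the
    // callers (Index, GetBookDetail) run ModelHtmlDecode over the results afterwards.
    // Encoding at output time in the view is normally where XSS protection belongs;
    // confirm that encoding the search terms themselves is intended.
}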
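/// <summary>
/// Looks up a single book by its BookId.
/// </summary>
/// <param name="id">BookId of the book to find.</param>
/// <returns>
/// The first matching book after ModelHtmlDecode has been applied to it, or null when
/// the service returns no match.
/// </returns>
public BOOK_DATA GetBookDetail(int id)
{
    BooksSearchArg arg = new BooksSearchArg { BookId = id };
    BOOK_DATA book = this.booksService.GetBooks(arg).FirstOrDefault();

    // FirstOrDefault yields null when nothing matched; handing that to ModelHtmlDecode
    // would most likely throw inside it, so only decode a real result.
    if (book != null)
    {
        ModelHtmlDecode(book);
    }

    return book;
}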
/// <summary>
/// Search action: encodes the incoming search arguments, runs the search through
/// booksService, decodes every result row and renders the "Index" view.
/// </summary>
/// <param name="arg">Search arguments bound from the request.</param>
/// <returns>The "Index" view, with the result list exposed as ViewBag.SearchResult.</returns>
public ActionResult Index(BooksSearchArg arg)
{
    // Encode the string search fields before they reach the service layer.
    ModelHtmlEncode(arg);

    // Run the search, then reverse the encoding on each row before it is displayed.
    List<BOOK_DATA> results = this.booksService.GetBooks(arg);
    results.ForEach(row => ModelHtmlDecode(row));

    ViewBag.SearchResult = results;
    SetDropDownListItmes();

    return View("Index");
}