Esempio n. 1
 /// <summary>
 /// HTML-encodes the text search fields of <paramref name="arg"/> in place.
 /// The original author's stated intent is XSS prevention.
 /// </summary>
 /// <param name="arg">Search arguments whose BookClassId, BookName, BookStatusCode and KeeperId are overwritten with their encoded form.</param>
 /// <remarks>
 /// NOTE(review): this encodes on input, not on output. It only covers the four
 /// fields listed here, and it does not replace output encoding in the view or
 /// parameterized queries in the data layer - confirm both exist elsewhere.
 /// </remarks>
 public void ModelHtmlEncode(BooksSearchArg arg)
 {
     // Resolve the server utility once and reuse it for every field.
     var encoder = Server;

     arg.BookClassId = encoder.HtmlEncode(arg.BookClassId);
     arg.BookName = encoder.HtmlEncode(arg.BookName);
     arg.BookStatusCode = encoder.HtmlEncode(arg.BookStatusCode);
     arg.KeeperId = encoder.HtmlEncode(arg.KeeperId);
 }
Esempio n. 2
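        /// <summary>
        /// Looks up a single book by its BookId.
        /// </summary>
        /// <param name="id">BookId to search for.</param>
        /// <returns>
        /// The first record returned by the books service after it has been passed
        /// through ModelHtmlDecode, or null when the service returns no record.
        /// </returns>
        public BOOK_DATA GetBookDetail(int id)
        {
            BooksSearchArg arg = new BooksSearchArg {
                BookId = id
            };
            BOOK_DATA book = this.booksService.GetBooks(arg).FirstOrDefault();

            // FirstOrDefault() yields null for an unknown id; return early so the
            // decode step is never handed a null record.
            if (book == null)
            {
                return null;
            }

            // NOTE(review): after this call the record presumably carries raw,
            // un-encoded text. Whatever renders it must encode on output
            // (Razor's default @ encoding, not Html.Raw) - confirm in the views.
            ModelHtmlDecode(book);
            return book;
        }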
Esempio n. 3
        /// <summary>
        /// Runs a book search with the posted arguments and renders the "Index" view.
        /// </summary>
        /// <param name="arg">Search arguments; they are HTML-encoded in place before the query.</param>
        /// <returns>The "Index" view, with the search results exposed through ViewBag.SearchResult.</returns>
        public ActionResult Index(BooksSearchArg arg)
        {
            // Encode the incoming search fields before they reach the service.
            // NOTE(review): the query then matches on encoded text, which only
            // lines up if stored values are encoded the same way - confirm.
            ModelHtmlEncode(arg);

            // Fetch the matching books.
            List<BOOK_DATA> books = this.booksService.GetBooks(arg);

            // Every record goes through ModelHtmlDecode before reaching the view.
            // NOTE(review): the view presumably receives raw text, so XSS safety
            // rests on the view encoding on output (Razor @, never Html.Raw) -
            // verify in Index.cshtml.
            for (int i = 0; i < books.Count; i++)
            {
                ModelHtmlDecode(books[i]);
            }

            ViewBag.SearchResult = books;

            SetDropDownListItmes();
            return View("Index");
        }