我应该使用htmlspecialchars吗?(Should I be using htmlspecialchars?)
我似乎无法理解何时使用htmlspecialchars() 。
假设我在插入数据时执行以下操作:
$_POST = filter_input_array(INPUT_POST, [ 'name' => FILTER_SANITIZE_STRING, 'homepage' => FILTER_DEFAULT // do nothing ]); $course = new Course(); $course->name = trim($_POST['name']); $course->homepage = $_POST['homepage']; // may contain unsafe HTML $courseDAO = DAOFactory::getCourseDAO(); $courseDAO->addCourse($course); // simple insert statement当我输出时,我会做以下事情:
$courseDAO = DAOFactory::getCourseDAO(); $course = $courseDAO->getCourseById($_GET['id']); ?> <?php ob_start() ?> <h1><?= $course->name ?></h1> <div class="homepage"><?= $course->homepage ?></div> <?php $content = ob_get_clean() ?> <?php include 'layout.php' ?>我希望浏览器将
$course->homepage视为HTML并呈现为HTML。我一直在读这个问题的答案 。 我应该在这里的任何地方使用
htmlspecialchars()吗?I seem to have trouble understanding when to use htmlspecialchars().
Let's say I do the following when I am inserting data:
$_POST = filter_input_array(INPUT_POST, [ 'name' => FILTER_SANITIZE_STRING, 'homepage' => FILTER_DEFAULT // do nothing ]); $course = new Course(); $course->name = trim($_POST['name']); $course->homepage = $_POST['homepage']; // may contain unsafe HTML $courseDAO = DAOFactory::getCourseDAO(); $courseDAO->addCourse($course); // simple insert statementWhen I ouput, I do the following:
$courseDAO = DAOFactory::getCourseDAO(); $course = $courseDAO->getCourseById($_GET['id']); ?> <?php ob_start() ?> <h1><?= $course->name ?></h1> <div class="homepage"><?= $course->homepage ?></div> <?php $content = ob_get_clean() ?> <?php include 'layout.php' ?>I would like that
$course->homepagebe treated and rendered as HTML by the browser.I've been reading answers on this question. Should I be using
htmlspecialchars()anywhere here?
原文:https://stackoverflow.com/questions/36914374
更新时间:2022-05-29 07:05
最满意答案
使用
Binding和Converter。public sealed class VisibilityToBorderThicknessConverter : IValueConverter { public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture) { try { var flag = (Visibility)value; if (flag == Visibility.Visible) return new Thickness(0); else return new Thickness(1); } catch { return new Thickness(0); } } public object ConvertBack(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture) { throw new NotImplementedException(); } }和比你的xaml:
<ScrollViewer Name="blah"> <Border BorderThickness="{Binding ElementName=blah, Path=VerticalScrollBarVisibility , Converter={StaticResources VisibilityToBorder}}"> </ScrollViewer>不要忘记将您的转换器添加到资源!
GL&HF
Use
BindingandConverter.public sealed class VisibilityToBorderThicknessConverter : IValueConverter { public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture) { try { var flag = (Visibility)value; if (flag == Visibility.Visible) return new Thickness(0); else return new Thickness(1); } catch { return new Thickness(0); } } public object ConvertBack(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture) { throw new NotImplementedException(); } }and than your xaml:
<ScrollViewer Name="blah"> <Border BorderThickness="{Binding ElementName=blah, Path=VerticalScrollBarVisibility , Converter={StaticResources VisibilityToBorder}}"> </ScrollViewer>don't forget to add your converter to resources!
GL&HF
相关问答
更多-
你试过ScrollViewer.ComputedHorizontalScrollBarVisibility吗? Have you tried ScrollViewer.ComputedHorizontalScrollBarVisibility?
-
当ScrollBar可见时,WPF ScrollViewer显示边框(WPF ScrollViewer show border when ScrollBar is Visible)[2023-05-27]
使用Binding和Converter 。 public sealed class VisibilityToBorderThicknessConverter : IValueConverter { public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture) { try { ... -
要获取ItemsControl的滚动条,您可以在ScrollViewer托管它,如下所示:
-
我必须通过获取ScrollViewer的内容所需高度并添加ScrollBar高度(如果可见)来计算所需高度。 这对我来说仍然有点尴尬,所以如果你有更好的解决方案,我会很乐意改变接受的答案。 public class HeightChangedBehavior : Behavior
{ public ICommand HeightChangedCommand { get { return (ICommand)GetValue(HeightChangedCommandProp ... -
WPF ScrollViewer错误(WPF ScrollViewer bug)[2024-05-08]
StackPanel和ScrollViewer融合不好,看起来你的StackPanel在你的代码中没用,只需将你的Grid.Column直接设置在你的边框中,这应该可以解决问题。 这个示例代码是您的ScrollViewer元素的孩子吗? UPDATE 手动执行此操作的简单方法是执行此操作:// Your DataGri ... -
包含面板的高度不受限制。 发生的事情是,包含面板(包含DataGrid的StackPanel)正在增长,因此DataGrid认为它不需要滚动。 尝试在StackPanel上设置一个高度值(如窗口的高度,或类似的东西)。 滚动条应该出现并工作。 The containing panel's height is not constrained. What is happening is that your containing panel (the StackPanel containing the DataG ...
-
使用ScrollViewer上的Computed [Vertical | Horizontal] ScrollBarVisibility属性:您将第一列的宽度设置为静态值(300),以便在调整窗口大小时列宽不会更改。 如果设置动态值,ScrollViewer将按预期工作。
... 我没有看过在XAML中这样做,但你可以在后面的代码中这样做: public partial class MainWindow : Window { private void IncrementColumn(UIElement element) { Grid.SetColumn(element, Grid.GetColumn(element) + 1); } public MainWindow() { InitializeCompone ...usercontrol中的WPF Scrollviewer不显示垂直滚动条(WPF Scrollviewer inside usercontrol doesn't show vertical scrollbar)[2022-10-04]
将ScrollViewer放在Grid 。 这有助于ScrollViewer使用Grid的可用空间,如果内容溢出,它将显示滚动条。 这取决于您使用UserControl 。 确保此UserControl未放置在ScrollViewer或任何可滚动控件内。相关文章
更多- Hadoop的I/O
- Lua 文件 I/O 操作
- Groovy 文件I/O 操作详解
- I18n的一个问题
- Hadoop I/O系统介绍
- Who AM I Casting Crowns自我简介
- I18N 国际化 简介
- Hadoop1.0.4 HDFS I/O性能测试
- [转]Top 20 Programming Lessons I've Learned in 20 Years
- Bentley.STAAD.RCDC.V8i.04.01.01.03 1CD
最新问答
更多- 您如何使用git diff文件,并将其应用于同一存储库的副本的本地分支?(How do you take a git diff file, and apply it to a local branch that is a copy of the same repository?)
- 将长浮点值剪切为2个小数点并复制到字符数组(Cut Long Float Value to 2 decimal points and copy to Character Array)
- OctoberCMS侧边栏不呈现(OctoberCMS Sidebar not rendering)
- 页面加载后对象是否有资格进行垃圾回收?(Are objects eligible for garbage collection after the page loads?)
- codeigniter中的语言不能按预期工作(language in codeigniter doesn' t work as expected)
- 在计算机拍照在哪里进入
- 使用cin.get()从c ++中的输入流中丢弃不需要的字符(Using cin.get() to discard unwanted characters from the input stream in c++)
- No for循环将在for循环中运行。(No for loop will run inside for loop. Testing for primes)
- 单页应用程序:页面重新加载(Single Page Application: page reload)
- 在循环中选择具有相似模式的列名称(Selecting Column Name With Similar Pattern in a Loop)
- System.StackOverflow错误(System.StackOverflow error)
- KnockoutJS未在嵌套模板上应用beforeRemove和afterAdd(KnockoutJS not applying beforeRemove and afterAdd on nested templates)
- 散列包括方法和/或嵌套属性(Hash include methods and/or nested attributes)
- android - 如何避免使用Samsung RFS文件系统延迟/冻结?(android - how to avoid lag/freezes with Samsung RFS filesystem?)
- TensorFlow:基于索引列表创建新张量(TensorFlow: Create a new tensor based on list of indices)
- 企业安全培训的各项内容
- 错误:RPC失败;(error: RPC failed; curl transfer closed with outstanding read data remaining)
- C#类名中允许哪些字符?(What characters are allowed in C# class name?)
- NumPy:将int64值存储在np.array中并使用dtype float64并将其转换回整数是否安全?(NumPy: Is it safe to store an int64 value in an np.array with dtype float64 and later convert it back to integer?)
- 注销后如何隐藏导航portlet?(How to hide navigation portlet after logout?)
- 将多个行和可变行移动到列(moving multiple and variable rows to columns)
- 提交表单时忽略基础href,而不使用Javascript(ignore base href when submitting form, without using Javascript)
- 对setOnInfoWindowClickListener的意图(Intent on setOnInfoWindowClickListener)
- Angular $资源不会改变方法(Angular $resource doesn't change method)
- 在Angular 5中不是一个函数(is not a function in Angular 5)
- 如何配置Composite C1以将.m和桌面作为同一站点提供服务(How to configure Composite C1 to serve .m and desktop as the same site)
- 不适用:悬停在悬停时:在元素之前[复制](Don't apply :hover when hovering on :before element [duplicate])
- 常见的python rpc和cli接口(Common python rpc and cli interface)
- Mysql DB单个字段匹配多个其他字段(Mysql DB single field matching to multiple other fields)
- 产品页面上的Magento Up出售对齐问题(Magento Up sell alignment issue on the products page)