c#替换字符串函数不返回预期结果

Question

string message = CommonFunctions.SanitiseInput(context.Request.QueryString["msg"]);

功能定义为:

// Sanitise input
public static string SanitiseInput(string inputText)
{
    string cleanedString = inputText;

    cleanedString.Replace("<","&lt;");      // No code
    cleanedString.Replace(">", "&gt;");
    cleanedString.Replace("&", "&amp;");    // No query string breaks

    return cleanedString;
}

给定输入,"<b>rg</b>"返回相同,而不是"<b>rg</b>"

Answer 1

ReplaceC#中的函数不会修改字符串本身 - 它返回字符串的修改版本.

试试这个:

public static string SanitiseInput(string inputText)
{
    string cleanedString = inputText;

    cleanedString = cleanedString.Replace("<","&lt;");      // No code
    cleanedString = cleanedString.Replace(">", "&gt;");
    cleanedString = cleanedString.Replace("&", "&amp;");    // No query string breaks

    return cleanedString;
}

因为"<b>rg</b>"这会给你"<b>rg</b>".要修复不必要的转换"&",请将第三个替换移到另外两个之前,这将为您提供您期望的结果.