4

This is the code:

Response.Write("asd1 X : " + HttpUtility.HtmlEncode("×"));
Response.Write("asd2 X : " + HttpUtility.HtmlEncode("✖"));

The first one is:

asd1 X : × // OK, ENCODED AS HTML ENTITIES

The second one isn't, it is just ✖:

asd2 X : ✖

What kind of character is that? Also, if I try it here, the result is:

asd1 X : ×
asd2 X : ✖

What?? Why is there this difference?

4

2 Answers

7
answered 2012-06-19T16:06:25.500
2

My best guess is that not all strings have an entity representation. The Heavy Multiplication X is just one of the many that don't.

To elaborate on Oded's link, HttpUtility.HtmlEncode only encodes characters in ISO 8859-1 (Latin-1). Since the Heavy Multiplication X is out of this range, the function doesn't handle it.

If you try Microsoft.Security.Application.AntiXss.HtmlEncode("✖");, you'll get the HTML entity in ✖.

answered 2012-06-19T16:06:58.143
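An added example, not part of the answers above or of either library: a hypothetical helper, NumericHtmlEncoder.Encode, that escapes the HTML markup characters and writes every non-ASCII code point as a decimal character reference, so a character outside Latin-1 such as U+2716 is treated the same way as U+00D7. Replacing lone surrogates with U+FFFD is a choice made for this example.

```csharp
using System;
using System.Globalization;
using System.Text;

static class NumericHtmlEncoder
{
    // Hypothetical helper (not a framework API): escapes markup characters and
    // emits every code point above 127 as a decimal character reference.
    public static string Encode(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        var sb = new StringBuilder(input.Length + 16);
        for (int i = 0; i < input.Length; i++)
        {
            char c = input[i];
            switch (c)
            {
                case '<': sb.Append("&lt;"); continue;
                case '>': sb.Append("&gt;"); continue;
                case '&': sb.Append("&amp;"); continue;
                case '"': sb.Append("&quot;"); continue;
                case '\'': sb.Append("&#39;"); continue;
            }
            if (c < 128) { sb.Append(c); continue; }

            int codePoint;
            if (char.IsSurrogatePair(input, i))
            {
                // Characters beyond the BMP occupy two UTF-16 code units.
                codePoint = char.ConvertToUtf32(input, i);
                i++; // skip the low surrogate already consumed
            }
            else if (char.IsSurrogate(c))
                codePoint = 0xFFFD; // lone surrogate: substitute REPLACEMENT CHARACTER
            else
                codePoint = c;
            sb.Append("&#")
              .Append(codePoint.ToString(CultureInfo.InvariantCulture))
              .Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample inputs, written as escapes so the source file stays ASCII.
        Console.WriteLine(Encode("\u00D7"));                // MULTIPLICATION SIGN (Latin-1)
        Console.WriteLine(Encode("\u2716"));                // HEAVY MULTIPLICATION X
        Console.WriteLine(Encode("<b>\U0001F600</b>"));     // markup plus a non-BMP character
    }
}
```

The output is pure ASCII, so it renders the same regardless of the charset the page is served with.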