0

例子 :

  string a="<div onclick="javascript:alert('111');"></div>"

我想得到结果:

   &lt;div onclick="javascript:alert('111');" &gt;&lt;/div&gt;

 protected void Page_Load(object sender, EventArgs e)
        {

                string a = "<p style='font-style: italic' onclick='alert('hacked!!');'>Hello World</p>";
                string b =
        Regex.Replace(
            a,
            @"(<[\s\S]*?) on.*?\=(['""])[\s\S]*?\2([\s\S]*?>)",
            delegate(Match match)
            {
                string br = match.Groups[1].Value;
                string bbb = match.Groups[2].Value;
                return String.Concat(match.Groups[1].Value,match.Groups[3].Value);
            }, RegexOptions.Compiled | RegexOptions.IgnoreCase);

                Response.Write(b);
            }
4

1 回答 1

1

尝试这个:

string a = Server.HtmlEncode("<div onclick=\"javascript:alert('111');\"></div>");
string a2 = Server.HtmlEncode(a);
Response.Write( a2);
于 2013-09-22T09:29:59.053 回答