动态地将HTML代码从String注入到asp.net页面中

问题描述

|| 我在VB ASP.NET中有一个页面，其中包含以下代码（由VS生成）：

<%@ Page Language=\"VB\" AutoEventWireup=\"false\" CodeFile=\"Payment2.aspx.vb\" Inherits=\"Payment2\" %>

<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head runat=\"server\">
   <title></title>
</head>
<body>
   <form id=\"form1\" runat=\"server\">
     <div>

     </div>
   </form>
</body>
</html>

带代码

Partial Class Payment2
   Inherits System.Web.UI.Page

   Sub Page_Load(ByVal S As Object,ByVal E As EventArgs)

   End Sub

End Class

我希望能够将以下String注入页面并显示。

<form name=\"downloadform3D\" action=\"https://something.asp\" method=\"post\">
<NOSCRIPT>
JavaScript is currently disabled or is not supported by your browser.<br>
Please click on the &quot;Continue&quot; button to continue<br>
<input class=\"ncol\" type=\"submit\" value=\"Continue\" id=\"submit1\" name=\"submit1\" />
</NOSCRIPT>
<input type=\"hidden\" name=\"CSRFKEY\" value=\"abc\" />
<input type=\"hidden\" name=\"CSrftS\" value=\"abc\" />
<input type=\"hidden\" name=\"CSRFSP\" value=\"/ncol/test/something.asp\" />
<input type=\"hidden\" name=\"PaReq\" value=\"<?xml version=&quot;1.0&quot;?><ThreeDSecure><Message id=&quot;123&quot;><PAReq><version>1.02</version><Merchant><merID>abc</merID><name>abc</name><url>http://www.abc.com</url></Merchant><Purchase><xid>123</xid><amount>1</amount><purchAmount>1</purchAmount><currency>GBP</currency></Purchase><CH><acctID>12345</acctID><expiry>1234</expiry><selBrand></selBrand></CH></PAReq></Message></ThreeDSecure>
\" />
<input type=\"hidden\" name=\"TermUrl\" value=\"https://something.asp\" />
<input type=\"hidden\" name=\"MD\" value=\"12334\" />
</form>
<form method=\"post\" action=\"https://somethig.asp\" name=\"uploadForm3D\">
<input type=\"hidden\" name=\"CSRFKEY\" value=\"1234A\" />
<input type=\"hidden\" name=\"CSrftS\" value=\"1234\" />
<input type=\"hidden\" name=\"CSRFSP\" value=\"/something.asp\" />
<input type=\"hidden\" name=\"branding\" value=\"abc\" />
</form>
<SCRIPT LANGUAGE=\"Javascript\" >
<!--
var popupWin;
var submitpopupWin = 0;

function LoadPopup() {
if (self.name == null)  {
    self.name = \"ogoneMain\";
}
popupWin = window.open(\'about:blank\',\'popupWin\',\'height=400,width=390,status=yes,dependent=no,scrollbars=yes,resizable=no\');
if (popupWin != null) {
    if  (!popupWin || popupWin.closed) {
        return 1;
    } else {
        if (!popupWin.opener || popupWin.opener == null) {
            popupWin.opener = self;
        }
        self.document.forms.downloadform3D.target = \'popupWin\';
        if (submitpopupWin == 1) {
            self.document.forms.downloadform3D.submit();
        }
        popupWin.focus();
        return 0;
    }
} else {
    return 1;
}
}
self.document.forms.downloadform3D.submit();
//-->
</SCRIPT>

我看过Google，但没有任何帮助（由于我是网络编程的新手，所以我可能输入了错误的搜索字词）。非常感谢您的帮助，因为我不是ASP专家，而且我已经拔掉了我留给我的那三头短毛3天了：( 提前致谢。

解决方法

您可以执行Response.Write，要么您可以使用asp：Literal asp有几种模式：文字控制 PassThrough呈现内容“按原样”，包括html标记和脚本。如果您不完全控制输出，那么这是个坏主意。如果您动态地包含将从用户输入或数据库中存储的值中提取的所有信息，则可能会使自己面临安全风险。编码是HTML编码的。它被视为文本而不是HTML，因此这对您不起作用 Transform尝试更改标记以匹配可能无法正常工作的浏览器。另一种选择是使用用户控件并根据需要设置其“可见”属性。 ,从您的问题来看，您似乎正在尝试从服务器端插入字符串，但我认为最好在aspx页面本身中进行操作。从aspx页面删除以下代码：

  <form id=\"form1\" runat=\"server\">
     <div>

     </div>
  </form>

并放入您的代码。它看起来应该像这样：

<%@ Page Language=\"VB\" AutoEventWireup=\"false\" CodeFile=\"Payment2.aspx.vb\" Inherits=\"Payment2\" %>

<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head runat=\"server\">
   <title></title>
</head>
<body>
<form name=\"downloadform3D\" action=\"https://something.asp\" method=\"post\">
<NOSCRIPT>
JavaScript is currently disabled or is not supported by your browser.<br>
Please click on the &quot;Continue&quot; button to continue<br>
<input class=\"ncol\" type=\"submit\" value=\"Continue\" id=\"submit1\" name=\"submit1\" />
</NOSCRIPT>
<input type=\"hidden\" name=\"CSRFKEY\" value=\"abc\" />
<input type=\"hidden\" name=\"CSRFTS\" value=\"abc\" />
<input type=\"hidden\" name=\"CSRFSP\" value=\"/ncol/test/something.asp\" />
<input type=\"hidden\" name=\"PaReq\" value=\"<?xml version=&quot;1.0&quot;?><ThreeDSecure><Message id=&quot;123&quot;><PAReq><version>1.02</version><Merchant><merID>abc</merID><name>abc</name><url>http://www.abc.com</url></Merchant><Purchase><xid>123</xid><amount>1</amount><purchAmount>1</purchAmount><currency>GBP</currency></Purchase><CH><acctID>12345</acctID><expiry>1234</expiry><selBrand></selBrand></CH></PAReq></Message></ThreeDSecure>
\" />
<input type=\"hidden\" name=\"TermUrl\" value=\"https://something.asp\" />
<input type=\"hidden\" name=\"MD\" value=\"12334\" />
</form>
<form method=\"post\" action=\"https://somethig.asp\" name=\"uploadForm3D\">
<input type=\"hidden\" name=\"CSRFKEY\" value=\"1234A\" />
<input type=\"hidden\" name=\"CSRFTS\" value=\"1234\" />
<input type=\"hidden\" name=\"CSRFSP\" value=\"/something.asp\" />
<input type=\"hidden\" name=\"branding\" value=\"abc\" />
</form>
<SCRIPT LANGUAGE=\"Javascript\" >
<!--
var popupWin;
var submitpopupWin = 0;

function LoadPopup() {
if (self.name == null)  {
    self.name = \"ogoneMain\";
}
popupWin = window.open(\'about:blank\',\'popupWin\',\'height=400,width=390,status=yes,dependent=no,scrollbars=yes,resizable=no\');
if (popupWin != null) {
    if  (!popupWin || popupWin.closed) {
        return 1;
    } else {
        if (!popupWin.opener || popupWin.opener == null) {
            popupWin.opener = self;
        }
        self.document.forms.downloadform3D.target = \'popupWin\';
        if (submitpopupWin == 1) {
            self.document.forms.downloadform3D.submit();
        }
        popupWin.focus();
        return 0;
    }
} else {
    return 1;
}
}
self.document.forms.downloadform3D.submit();
//-->
</SCRIPT>
</body>
</html>

,您是否尝试过Response.Write（contents）;在Page_Load事件中。内容是要注入页面的数据。

asp.net html string string 代码代码代码动态动态注入注入页面页面