Passing variables from ASP.NET to JavaScript

28
How do I pass a variable from ASP.NET to JavaScript?

What are you trying to do? Could you provide an example? - Xharze
1
Whichever method you use, remember to encode the string with Microsoft.Security.Application.AntiXss.JavaScriptEncode to make it safer. - Ray Cheng
7 Answers

34
Create a property in your code-behind.
protected string MyProperty { get { return "your value"; } }

Then, in JavaScript:

var myValue = "<%= MyProperty %>";

The security implications of this initialization pattern are being discussed here: https://security.stackexchange.com/q/265713/79604 - Anis LOUNIS aka AnixPasBesoin

19

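There are a number of ways:

1 - Write it out in your JavaScript with <%= myVariable %>
2 - Set a cookie on the server side and then retrieve the cookie on the client side
3 - Set a hidden form input to hold your value
4 - Redirect to your page with the value as a query string parameter, then parse the parameters with JavaScript
5 - Build all of your JavaScript on the server side, save it to a variable, and then write the variable out on the client side
6 - Retrieve the value with an AJAX request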


The first option results in "VBScript runtime error '800a000d' Type mismatch"... at least when 'myVariable' is a recordset variable in a classic ASP page, as in <%= rs("myVariable") %>. - Christos Karapapas

9
You can use an ASP.Net HiddenField. Just set its value on the server side and retrieve it via JavaScript when you need it.

Server side:

hdf_Test.Value = "yourValue";

HTML

<asp:HiddenField runat="server" ID="hdf_Test" />

Javascript

document.getElementById('hdf_Test').value

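On the server side, this code doesn't work. I tried string x; x.value="d"; but it gave me an error? - user1363918
That is because you are trying to use a variable rather than a HiddenField control. I have updated my answer with more information. - Josh Mein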

2

You can use the following in your code-behind:

public string json;

You need to assign a value to it.

In JavaScript, you can write the following:

<script>
    var myVar = <%=json%>;
</script>
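
An added example, not part of any answer on this page and not Microsoft's own sample: the `<%= ... %>` string pattern from the first answer and the `<%=json%>` pattern from the answer above, each rendered with server-side encoding for the script context. It assumes .NET Framework 4 or later with references to System.Web and System.Web.Extensions; the class name, method names and sample value are constructed for illustration.

```csharp
// Added example (not from the answers on this page). Assumes .NET Framework 4+
// with references to System.Web and System.Web.Extensions.
using System;
using System.Collections.Generic;
using System.Web;                       // HttpUtility
using System.Web.Script.Serialization;  // JavaScriptSerializer

public static class InlineScriptDemo
{
    // What  var myValue = "<%= MyProperty %>";  emits: the raw value between quotes.
    public static string RenderRaw(string value)
    {
        return "var myValue = \"" + value + "\";";
    }

    // String case: the encoder escapes quotes, backslashes, control characters
    // and the HTML-sensitive < and >, so the value stays inside the literal and
    // cannot close the surrounding <script> element.
    // addDoubleQuotes: true makes the encoder emit the enclosing quotes too.
    public static string RenderString(string value)
    {
        return "var myValue = " + HttpUtility.JavaScriptStringEncode(value, true) + ";";
    }

    // Object case (var myVar = <%=json%>;): serialize on the server instead of
    // concatenating JSON by hand; string members are escaped by the serializer.
    public static string RenderJson(object data)
    {
        return "var myVar = " + new JavaScriptSerializer().Serialize(data) + ";";
    }

    public static void Main()
    {
        // Constructed sample: characters that end a string literal or a script block.
        string value = "O'Brien said \"hi\"\r\n</script>";

        Console.WriteLine(RenderRaw(value));     // literal is cut short, markup breaks
        Console.WriteLine(RenderString(value));  // one well-formed string literal
        Console.WriteLine(RenderJson(new Dictionary<string, object>
        {
            { "name", value },
            { "count", 3 }
        }));
    }
}
```

In an .aspx page the same call goes inside the expression, for example `var myValue = <%= HttpUtility.JavaScriptStringEncode(MyProperty, true) %>;`, with no extra quotes around it because the encoder emits them.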

2
  1. Use javascript tag

    <script>
        var var1 = @var1;  
        var var2 = @var2;  
    </script>
    
  2. Use hidden field

    <input type="hidden" value="@var1" id="h_var1"/>  
    <input type="hidden" value="@var2" id="h_var2" />
    

in js

$(function()
{
    var var1 = $("#h_var1").val();
    var var2 = $("#h_var2").val();
});

3. Retrieve the data via AJAX using JSON

var var1;
var var2;
$.get(url, function(result)
{
    var1 = result.var1;
    var2 = result.var2;
});

The @var syntax depends on your view engine. It may be <%= Var1 %>


1
If you want to get the equivalent of a string variable in your code, you can use the following code:
Example:
string jsString = JsEncoder.JavaScriptEncode("This is an example of C# string to be converted to javascript string", true);

Class code:

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text;

namespace stackoverlofw.JavascriptEncoder
{
public class JsEncoder
{
    /// <summary>
    /// Empty string for Java Script context
    /// </summary>
    private const string JavaScriptEmptyString = "''";


    /// <summary>
    /// Initializes character Html encoding array
    /// </summary>
    private static readonly char[][] SafeListCodes = InitializeSafeList();



    /// <summary>
    /// Encodes input strings for use in JavaScript.
    /// </summary>
    /// <param name="input">String to be encoded.</param>
    /// <param name="emitQuotes">value indicating whether or not to emit quotes. true = emit quote. false = no quote.</param>
    /// <returns>
    /// Encoded string for use in JavaScript and does not return the output with en quotes.
    /// </returns>
    /// <remarks>
    /// This function encodes all but known safe characters.  Characters are encoded using \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation.
    /// <newpara/>
    /// Safe characters include:
    /// <list type="table">
    /// <item><term>a-z</term><description>Lower case alphabet</description></item>
    /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
    /// <item><term>0-9</term><description>Numbers</description></item>
    /// <item><term>,</term><description>Comma</description></item>
    /// <item><term>.</term><description>Period</description></item>
    /// <item><term>-</term><description>Dash</description></item>
    /// <item><term>_</term><description>Underscore</description></item>
    /// <item><term> </term><description>Space</description></item>
    /// <item><term> </term><description>Other International character ranges</description></item>
    /// </list>
    /// <newpara/>
    /// Example inputs and encoded outputs:
    /// <list type="table">
    /// <item><term>alert('XSS Attack!');</term><description>'alert\x28\x27XSS Attack\x21\x27\x29\x3b'</description></item>
    /// <item><term>user@contoso.com</term><description>'user\x40contoso.com'</description></item>
    /// <item><term>Anti-Cross Site Scripting Library</term><description>'Anti-Cross Site Scripting Library'</description></item>
    /// </list>
    /// </remarks>
    public static string JavaScriptEncode(string input, bool emitQuotes)
    {
        // Input validation: empty or null string condition
        if (string.IsNullOrEmpty(input))
        {
            return emitQuotes ? JavaScriptEmptyString : string.Empty;
        }

        // Use a new char array.
        int outputLength = 0;
        int inputLength = input.Length;
        char[] returnMe = new char[inputLength * 8]; // worst case length scenario

        // First step is to start the encoding with an apostrophe if flag is true.
        if (emitQuotes)
        {
            returnMe[outputLength++] = '\'';
        }

        for (int i = 0; i < inputLength; i++)
        {
            int currentCharacterAsInteger = input[i];
            char currentCharacter = input[i];
            if (SafeListCodes[currentCharacterAsInteger] != null || currentCharacterAsInteger == 92 || (currentCharacterAsInteger >= 123 && currentCharacterAsInteger <= 127))
            {
                // character needs to be encoded
                if (currentCharacterAsInteger >= 127)
                {
                    returnMe[outputLength++] = '\\';
                    returnMe[outputLength++] = 'u';
                    string hex = ((int)currentCharacter).ToString("x", CultureInfo.InvariantCulture).PadLeft(4, '0');
                    returnMe[outputLength++] = hex[0];
                    returnMe[outputLength++] = hex[1];
                    returnMe[outputLength++] = hex[2];
                    returnMe[outputLength++] = hex[3];
                }
                else
                {
                    returnMe[outputLength++] = '\\';
                    returnMe[outputLength++] = 'x';
                    string hex = ((int)currentCharacter).ToString("x", CultureInfo.InvariantCulture).PadLeft(2, '0');
                    returnMe[outputLength++] = hex[0];
                    returnMe[outputLength++] = hex[1];
                }
            }
            else
            {
                // character does not need encoding
                returnMe[outputLength++] = input[i];
            }
        }

        // Last step is to end the encoding with an apostrophe if flag is true.
        if (emitQuotes)
        {
            returnMe[outputLength++] = '\'';
        }

        return new string(returnMe, 0, outputLength);
    }




    /// <summary>
    /// Initializes the safe list.
    /// </summary>
    /// <returns>A two dimensional character array containing characters and their encoded values.</returns>
    [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity", Justification = "This is necessary complexity.")]
    private static char[][] InitializeSafeList()
    {
        char[][] allCharacters = new char[65536][];
        for (int i = 0; i < allCharacters.Length; i++)
        {
            if (
                (i >= 97 && i <= 122) ||        // a-z
                (i >= 65 && i <= 90) ||         // A-Z
                (i >= 48 && i <= 57) ||         // 0-9
                i == 32 ||                      // space
                i == 46 ||                      // .
                i == 44 ||                      // ,
                i == 45 ||                      // -
                i == 95 ||                      // _
                (i >= 256 && i <= 591) ||       // Latin,Extended-A,Latin Extended-B        
                (i >= 880 && i <= 2047) ||      // Greek and Coptic,Cyrillic,Cyrillic Supplement,Armenian,Hebrew,Arabic,Syriac,Arabic,Supplement,Thaana,NKo
                (i >= 2304 && i <= 6319) ||     // Devanagari,Bengali,Gurmukhi,Gujarati,Oriya,Tamil,Telugu,Kannada,Malayalam,Sinhala,Thai,Lao,Tibetan,Myanmar,Georgian,Hangul Jamo,Ethiopic,Ethiopic Supplement,Cherokee,Unified Canadian Aboriginal Syllabics,Ogham,Runic,Tagalog,Hanunoo,Buhid,Tagbanwa,Khmer,Mongolian
                (i >= 6400 && i <= 6687) ||     // Limbu, Tai Le, New Tai Lue, Khmer, Symbols, Buginese
                (i >= 6912 && i <= 7039) ||     // Balinese         
                (i >= 7680 && i <= 8191) ||     // Latin Extended Additional, Greek Extended        
                (i >= 11264 && i <= 11743) ||   // Glagolitic, Latin Extended-C, Coptic, Georgian Supplement, Tifinagh, Ethiopic Extended    
                (i >= 12352 && i <= 12591) ||   // Hiragana, Katakana, Bopomofo       
                (i >= 12688 && i <= 12735) ||   // Kanbun, Bopomofo Extended        
                (i >= 12784 && i <= 12799) ||   // Katakana, Phonetic Extensions         
                (i >= 19968 && i <= 40899) ||   // Mixed japanese/chinese/korean
                (i >= 40960 && i <= 42191) ||   // Yi Syllables, Yi Radicals        
                (i >= 42784 && i <= 43055) ||   // Latin Extended-D, Syloti, Nagri        
                (i >= 43072 && i <= 43135) ||   // Phags-pa         
                (i >= 44032 && i <= 55215) /* Hangul Syllables */)
            {
                allCharacters[i] = null;
            }
            else
            {
                string integerStringValue = i.ToString(CultureInfo.InvariantCulture);
                int integerStringLength = integerStringValue.Length;
                char[] thisChar = new char[integerStringLength];
                for (int j = 0; j < integerStringLength; j++)
                {
                    thisChar[j] = integerStringValue[j];
                }

                allCharacters[i] = thisChar;
            }
        }

        return allCharacters;
    }
}
}

0

In the HTML:

<script type="text/javascript">
  alert(<%=Greetings()%>);
</script>

In the code-behind:

protected string Greetings()
{
    return Microsoft.Security.Application.AntiXss.JavaScriptEncode("Hello World!");
}

AntiXss library

