如何正确编码mailto链接?

时间:2022-11-15 23:18:51

I am generating some HTML and I want to generate an XSS- and database-content-safe mailto link. What is the proper encoding to use here? How's this?

我正在生成一些HTML,我想生成一个XSS和数据库内容安全的mailto链接。这里使用的编码是什么?这个怎么样?

myLiteral.Text = string.Format(
  "mailto:{0}?Content-Type=text/html&Subject={1}&body={2}", 
  HttpUtility.UrlEncode(email_address),
  HttpUtility.UrlEncode(subject),
  HttpUtility.UrlEncode(body_message));

Should I use UrlEncode here? HtmlEncode? Do what I did, then HtmlEncode the entirety? I'm writing HTML of a URL, so I'm a little unclear...

我应该在这里使用UrlEncode吗?的HTMLEncode?做我做的,然后HtmlEncode整个?我正在写一个URL的HTML,所以我有点不清楚......

@Quentin, is this what you're describing? (Changed &s to & since I'm about to HtmlEncode...)

@Quentin,这就是你所描述的吗? (改为&因此我要HtmlEncode ......)

myLiteral.Text = 
  HttpUtility.HtmlEncode(HttpUtility.UrlEncode(
    string.Format(
      "mailto:{0}?Content-Type=text/html&Subject={1}&body={2}", 
      email_address, subject, body_message)));

1 个解决方案

#1

6  

You are putting some content in a URL, then representing that URL in HTML. So URLEncode it then HTMLEncode what you get from URLEncode.

您将一些内容放在URL中,然后用HTML表示该URL。所以URLEncode然后HTMLEncode你从URLEncode得到什么。

#1

6  

You are putting some content in a URL, then representing that URL in HTML. So URLEncode it then HTMLEncode what you get from URLEncode.

您将一些内容放在URL中,然后用HTML表示该URL。所以URLEncode然后HTMLEncode你从URLEncode得到什么。

标签:

相关文章