大家都知道,在开发WebForm程序时,一个WebForm由.cs代码文件与.aspx页面文件组成。在aspx文件中可以通过<% %>嵌入C#代码,但无法在这种嵌入的C#代码中定义类、函数和字段等(受支持的做法是把这些声明放进<script runat="server">声明块)。这样,就限制了单aspx文件场景下<% %>代码块所能发挥的功能。
<%@ Page Language="C#" AutoEventWireup="true" %>
<%
//===============
// String splicing starts
//===============
// The text of this render block is copied as-is into the body of the
// generated render method, so the braces below are deliberately unbalanced.
System.Diagnostics.Debug.Print("Hello");
}
// The brace above ends the generated render method early; everything that
// follows is therefore compiled at class-member level of the page class.
// Field definition
public const String ACTION_KEY = "action";
// Class definition
public class Class1
{
public String Name;
// Class1 is left open on purpose: the closing brace that the generator emits
// for the render method ends up closing Class1 instead.
//===============
// String splicing ends
//===============
%>
原理就是aspx文件在编译的时候会动态生成代码,用<% %>包含的部分会被原样拼接到类似于@__Render__control1方法的内部,因此这种用多余的花括号提前结束方法体的做法就有点类似于SQL注入了。需要注意,这种写法依赖于生成代码的具体形式;同时它也说明.aspx文件的内容会被当作源代码直接编译,能修改.aspx文件就等同于能在应用进程内执行代码。根据上面的aspx文件,会动态生成如下的代码文件:
#pragma checksum "E:\工作项目\loncomip\DCIMSClient_1.2\DCIMSWebSite\Default.aspx" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "6F470031E504F5735FDF857C2F72979997EAFC5C"
//------------------------------------------------------------------------------
// <auto-generated>
// 此代码由工具生成。
// 运行时版本:4.0.30319.17929
//
// 对此文件的更改可能会导致不正确的行为,并且如果
// 重新生成代码,这些更改将会丢失。
// </auto-generated>
//------------------------------------------------------------------------------
namespace ASP {
#line 285 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.Profile;
#line default
#line hidden
#line 280 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Text.RegularExpressions;
#line default
#line hidden
#line 282 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.Caching;
#line default
#line hidden
#line 278 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Configuration;
#line default
#line hidden
#line 284 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.Security;
#line default
#line hidden
#line 289 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.UI.HtmlControls;
#line default
#line hidden
#line 287 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.UI.WebControls;
#line default
#line hidden
#line 276 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Collections;
#line default
#line hidden
#line 275 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System;
#line default
#line hidden
#line 286 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.UI;
#line default
#line hidden
#line 281 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web;
#line default
#line hidden
#line 283 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.SessionState;
#line default
#line hidden
#line 277 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Collections.Specialized;
#line default
#line hidden
#line 279 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Text;
#line default
#line hidden
#line 288 "C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\web.config"
using System.Web.UI.WebControls.WebParts;
#line default
#line hidden
// Page class that the ASP.NET compiler generated for ~/Default.aspx.
// It derives from System.Web.UI.Page and contains the page's <% %> render
// block spliced into @__Render__control1 (see the comment on that method).
[System.Runtime.CompilerServices.CompilerGlobalScopeAttribute()]
public class default_aspx : global::System.Web.UI.Page, System.Web.SessionState.IRequiresSessionState, System.Web.IHttpHandler {
// Set to true by the constructor once the file dependencies have been recorded.
private static bool @__initialized;
// Result of GetWrappedFileDependencies for "~/Default.aspx", stored by the constructor.
private static object @__fileDependencies;
// Constructor: sets the page's virtual path, records the file dependency list
// the first time an instance is created, and sets the script timeout.
[System.Diagnostics.DebuggerNonUserCodeAttribute()]
public default_aspx() {
string[] dependencies;
((global::System.Web.UI.Page)(this)).AppRelativeVirtualPath = "~/Default.aspx";
if ((global::ASP.default_aspx.@__initialized == false)) {
dependencies = new string[1];
dependencies[0] = "~/Default.aspx";
global::ASP.default_aspx.@__fileDependencies = this.GetWrappedFileDependencies(dependencies);
global::ASP.default_aspx.@__initialized = true;
}
// ScriptTimeout is expressed in seconds, so 30000000 is roughly 347 days,
// which in practice removes the request execution timeout for this page.
// NOTE(review): this looks like the value emitted when the page is compiled
// with debug enabled - confirm debug compilation is off on production hosts.
this.Server.ScriptTimeout = 30000000;
}
// Returns Context.Profile cast to DefaultProfile.
protected System.Web.Profile.DefaultProfile Profile {
get {
return ((System.Web.Profile.DefaultProfile)(this.Context.Profile));
}
}
// Always returns false.
// NOTE(review): the page directive shown for this example declares
// AutoEventWireup="true", yet this override returns false - the listing may
// come from a different revision of the page; confirm.
protected override bool SupportAutoEvents {
get {
return false;
}
}
// Returns Context.ApplicationInstance cast to HttpApplication.
protected System.Web.HttpApplication ApplicationInstance {
get {
return ((System.Web.HttpApplication)(this.Context.ApplicationInstance));
}
}
// Calls InitializeCulture() and registers @__Render__control1 as the render
// method delegate of the control passed in.
[System.Diagnostics.DebuggerNonUserCodeAttribute()]
private void @__BuildControlTree(default_aspx @__ctrl) {
#line 1 "E:\工作项目\loncomip\DCIMSClient_1.2\DCIMSWebSite\Default.aspx"
this.InitializeCulture();
#line default
#line hidden
@__ctrl.SetRenderMethodDelegate(new System.Web.UI.RenderMethod(this.@__Render__control1));
}
// Render method for the page. The lines between the "#line 2" directive and
// the following "#line default" are the text of the page's <% %> block,
// copied in unchanged. The lone "}" after Debug.Print therefore ends this
// method early, the const field and Class1 that follow become members of
// default_aspx, and the "}" the generator emits for this method closes Class1.
// NOTE(review): nothing in this generated file checks that the spliced text
// is brace-balanced, so the .aspx content decides the shape of the compiled
// class; write access to .aspx files is equivalent to code-execution access.
private void @__Render__control1(System.Web.UI.HtmlTextWriter @__w, System.Web.UI.Control parameterContainer) {
#line 2 "E:\工作项目\loncomip\DCIMSClient_1.2\DCIMSWebSite\Default.aspx"
//===============
// String splicing starts
//===============
System.Diagnostics.Debug.Print("Hello");
}
// Field definition
public const String ACTION_KEY = "action";
// Class definition
public class Class1
{
public String Name;
//===============
// String splicing ends
//===============
#line default
#line hidden
// Emitted by the generator as the end of the render method; here it closes Class1.
}
// Runs the base initialization, builds the control tree, registers the stored
// file dependencies and then calls Request.ValidateInput().
// ValidateInput() switches on ASP.NET request validation for the request's
// form, query-string and cookie collections; it is a coarse filter and does
// not replace output encoding.
// NOTE(review): presumably emitted because request validation is left enabled
// for this page - confirm against the page and web.config settings.
[System.Diagnostics.DebuggerNonUserCodeAttribute()]
protected override void FrameworkInitialize() {
base.FrameworkInitialize();
this.@__BuildControlTree(this);
this.AddWrappedFileDependencies(global::ASP.default_aspx.@__fileDependencies);
this.Request.ValidateInput();
}
// Returns the constant 5381 written by the generator.
[System.Diagnostics.DebuggerNonUserCodeAttribute()]
public override int GetTypeHashCode() {
return 5381;
}
// Forwards the request to Page.ProcessRequest without additional work.
[System.Diagnostics.DebuggerNonUserCodeAttribute()]
public override void ProcessRequest(System.Web.HttpContext context) {
base.ProcessRequest(context);
}
}
}