HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding Property


获取或设置一个 Encoding 对象,该对象表示当前标头输出流的编码。Gets or sets an Encoding object that represents the encoding for the current header output stream.

 property System::Text::Encoding ^ HeaderEncoding { System::Text::Encoding ^ get(); void set(System::Text::Encoding ^ value); };
public System.Text.Encoding HeaderEncoding { get; set; }
member this.HeaderEncoding : System.Text.Encoding with get, set
Public Property HeaderEncoding As Encoding


一个 Encoding,包含与当前标头的字符集有关的信息。An Encoding that contains information about the character set for the current header.


编码值为 UnicodeThe encoding value is Unicode.

-or- 已发送标头。The headers have already been sent.


UnicodeEncoding Encoding ASCIIEncoding属性使UTF7Encoding您能够通过使用、、或UTF8Encoding对象来禁用或更改响应标头上的对象。 HeaderEncodingThe HeaderEncoding property gives you the ability to disable or change the Encoding object on a response header by using the ASCIIEncoding, UnicodeEncoding, UTF7Encoding, or UTF8Encoding object. 默认编码值为UTF8Encoding类。The default encoding value is the UTF8Encoding class.

通过更改HeaderEncoding属性的类型,可能会增加某些恶意攻击的风险,或导致通过响应标头发送敏感数据。By changing the type of the HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. 在部分中,可以通过将响应的HeaderEncoding属性保留为默认设置来避免标头注入攻击。Header injection attacks can be avoided, in part, by leaving the HeaderEncoding property of a response to the default setting. 对易受攻击的应用程序的攻击可能会回显受保护的数据,作为响应标头的一部分。An attack against a vulnerable application could echo back entrusted data as part of a response header. 如果因为标头中的延续行要求而禁用,或者根据不受信任的数据的结果构造了任何标头,则应在发送到响应流之前验证标头数据。HeaderEncodingIf the HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.