HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding HttpResponse.HeaderEncoding Property

定义

获取或设置一个 Encoding 对象,该对象表示当前标头输出流的编码。Gets or sets an Encoding object that represents the encoding for the current header output stream.

public:
 property System::Text::Encoding ^ HeaderEncoding { System::Text::Encoding ^ get(); void set(System::Text::Encoding ^ value); };
public System.Text.Encoding HeaderEncoding { get; set; }
member this.HeaderEncoding : System.Text.Encoding with get, set
Public Property HeaderEncoding As Encoding

属性值

一个 Encoding,包含与当前标头的字符集有关的信息。An Encoding that contains information about the character set for the current header.

异常

编码值为 UnicodeThe encoding value is Unicode.

-or- 已发送标头。The headers have already been sent.

注解

UnicodeEncoding Encoding ASCIIEncoding属性使UTF7Encoding您能够通过使用、、或UTF8Encoding对象来禁用或更改响应标头上的对象。 HeaderEncodingThe HeaderEncoding property gives you the ability to disable or change the Encoding object on a response header by using the ASCIIEncoding, UnicodeEncoding, UTF7Encoding, or UTF8Encoding object. 默认编码值为UTF8Encoding类。The default encoding value is the UTF8Encoding class.

通过更改HeaderEncoding属性的类型,可能会增加某些恶意攻击的风险,或导致通过响应标头发送敏感数据。By changing the type of the HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. 在部分中,可以通过将响应的HeaderEncoding属性保留为默认设置来避免标头注入攻击。Header injection attacks can be avoided, in part, by leaving the HeaderEncoding property of a response to the default setting. 对易受攻击的应用程序的攻击可能会回显受保护的数据,作为响应标头的一部分。An attack against a vulnerable application could echo back entrusted data as part of a response header. 如果因为标头中的延续行要求而禁用,或者根据不受信任的数据的结果构造了任何标头,则应在发送到响应流之前验证标头数据。HeaderEncodingIf the HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.

适用于