From 61405d30cf3e20b5a98d99b8c41aecbc98d7204d Mon Sep 17 00:00:00 2001 From: maliming Date: Sun, 28 Dec 2025 15:47:44 +0800 Subject: [PATCH 1/5] HTML-encode TagHelper titles and texts for security --- .../Breadcrumb/AbpBreadcrumbItemTagHelperService.cs | 2 +- .../TagHelpers/Button/AbpButtonTagHelperService.cs | 4 +++- .../Button/AbpButtonTagHelperServiceBase.cs | 10 +++++++++- .../Button/AbpLinkButtonTagHelperService.cs | 7 +++++++ .../TagHelpers/Card/AbpCardBodyTagHelperService.cs | 12 ++++++++++-- .../Carousel/AbpCarouselItemTagHelperService.cs | 4 ++-- .../Collapse/AbpAccordionItemTagHelperService.cs | 10 +++++++++- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 7 +++++-- .../Modal/AbpModalHeaderTagHelperService.cs | 9 ++++++--- .../TagHelpers/Tab/AbpTabDropdownTagHelperService.cs | 10 +++++++++- .../TagHelpers/Tab/AbpTabLinkTagHelperService.cs | 12 ++++++++++-- .../TagHelpers/Tab/AbpTabTagHelperService.cs | 12 ++++++++++-- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 8 ++++---- .../Bundling/TagHelpers/AbpTagHelperStyleService.cs | 7 +++++-- 14 files changed, 90 insertions(+), 24 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs index 9935b90903c..3208d1c7a01 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs @@ -46,7 +46,7 @@ protected virtual string GetInnerHtml(TagHelperContext context, TagHelperOutput var link = new TagBuilder("a"); link.Attributes.Add("href", TagHelper.Href); - link.InnerHtml.AppendHtml(TagHelper.Title); + link.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Title)); return link.ToHtmlString(); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs index e5576332b3e..755699be668 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using Microsoft.Extensions.Localization; using System; +using System.Text.Encodings.Web; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; @@ -12,7 +13,8 @@ public class AbpButtonTagHelperService : AbpButtonTagHelperServiceBase L { get; } - public AbpButtonTagHelperService(IStringLocalizer localizer) + public AbpButtonTagHelperService(HtmlEncoder encoder, IStringLocalizer localizer) + : base(encoder) { L = localizer; } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs index a69d09eed43..dff0d8c2cba 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs @@ -1,6 +1,7 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System; +using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; @@ -8,6 +9,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public abstract class AbpButtonTagHelperServiceBase : AbpTagHelperService where TTagHelper : TagHelper, IButtonTagHelperBase { + protected HtmlEncoder Encoder { get; } + + protected AbpButtonTagHelperServiceBase(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override void Process(TagHelperContext context, TagHelperOutput output) { NormalizeTagMode(context, output); @@ -69,7 +77,7 @@ protected virtual void AddText(TagHelperContext context, TagHelperOutput output) } var span = new TagBuilder("span"); - span.InnerHtml.AppendHtml(TagHelper.Text!); + span.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Text!)); output.Content.AppendHtml(span); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs index 44dc9962842..295e914d4a4 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs @@ -1,10 +1,17 @@ using System; +using System.Text.Encodings.Web; using Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public class AbpLinkButtonTagHelperService : AbpButtonTagHelperServiceBase { + public AbpLinkButtonTagHelperService(HtmlEncoder encoder) + : base(encoder) + { + + } + public override void Process(TagHelperContext context, TagHelperOutput output) { base.Process(context, output); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs index b8462f4b5bc..5907097d250 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs @@ -1,4 +1,5 @@ using System; +using System.Text.Encodings.Web; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; @@ -7,6 +8,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Card; public class AbpCardBodyTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpCardBodyTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override void Process(TagHelperContext context, TagHelperOutput output) { output.TagName = "div"; @@ -22,7 +30,7 @@ protected virtual void ProcessTitle(TagHelperOutput output) { var cardTitle = new TagBuilder(AbpCardTitleTagHelper.DefaultHeading.ToHtmlTag()); cardTitle.AddCssClass("card-title"); - cardTitle.InnerHtml.AppendHtml(TagHelper.Title!); + cardTitle.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title!)); output.PreContent.AppendHtml(cardTitle); } } @@ -33,7 +41,7 @@ protected virtual void ProcessSubtitle(TagHelperOutput output) { var cardSubtitle = new TagBuilder(AbpCardSubtitleTagHelper.DefaultHeading.ToHtmlTag()); cardSubtitle.AddCssClass("card-subtitle mb-2"); - cardSubtitle.InnerHtml.AppendHtml(TagHelper.Subtitle!); + cardSubtitle.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Subtitle!)); output.PreContent.AppendHtml(cardSubtitle); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs index 370d781f042..40a31736afb 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs @@ -66,10 +66,10 @@ protected virtual void AddCaption(TagHelperContext context, TagHelperOutput outp } var title = new TagBuilder("h5"); - title.InnerHtml.AppendHtml(TagHelper.CaptionTitle!); + title.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.CaptionTitle!)); var caption = new TagBuilder("p"); - caption.InnerHtml.AppendHtml(TagHelper.Caption!); + caption.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Caption!)); var wrapper = new TagBuilder("div"); wrapper.AddCssClass("carousel-caption d-none d-md-block"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs index 7f3f7e9c17e..58d105bf596 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System; using System.Collections.Generic; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -9,6 +10,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Collapse; public class AbpAccordionItemTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpAccordionItemTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetRandomIdIfNotProvided(); @@ -32,7 +40,7 @@ protected virtual string GetAccordionHeaderItem(TagHelperContext context, TagHel button.Attributes.Add("data-bs-target", "#" + GetContentId()); button.Attributes.Add("aria-expanded", "true"); button.Attributes.Add("aria-controls", GetContentId()); - button.InnerHtml.AppendHtml(TagHelper.Title); + button.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title)); var h5 = new TagBuilder("h5"); h5.AddCssClass("mb-0"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs index 58e5300cbff..b31994befa4 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs @@ -7,6 +7,7 @@ using System.Linq; using System.Reflection; using System.Text; +using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; @@ -14,10 +15,12 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; public class AbpRadioInputTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; + private readonly HtmlEncoder _htmlEncoder ; - public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer) + public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) { _tagHelperLocalizer = tagHelperLocalizer; + _htmlEncoder = htmlEncoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -74,7 +77,7 @@ protected virtual string GetHtml(TagHelperContext context, TagHelperOutput outpu var label = new TagBuilder("label"); label.AddCssClass("form-check-label"); label.Attributes.Add("for", id); - label.InnerHtml.AppendHtml(selectItem.Text); + label.InnerHtml.AppendHtml(_htmlEncoder.Encode(selectItem.Text)); var wrapper = new TagBuilder("div"); wrapper.AddCssClass("form-check" + inlineClass); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs index 52ced17912e..dcad9f10fa9 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs @@ -1,4 +1,5 @@ -using Localization.Resources.AbpUi; +using System.Text.Encodings.Web; +using Localization.Resources.AbpUi; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Microsoft.Extensions.Localization; @@ -9,10 +10,12 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Modal; public class AbpModalHeaderTagHelperService : AbpTagHelperService { protected IStringLocalizer L { get; } + protected HtmlEncoder Encoder { get; } - public AbpModalHeaderTagHelperService(IStringLocalizer localizer) + public AbpModalHeaderTagHelperService(IStringLocalizer localizer, HtmlEncoder encoder) { L = localizer; + Encoder = encoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -27,7 +30,7 @@ protected virtual string CreatePreContent() { var title = new TagBuilder("h5"); title.AddCssClass("modal-title"); - title.InnerHtml.AppendHtml(TagHelper.Title); + title.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title)); return title.ToHtmlString(); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs index 5201af6a49a..73f47bd6da8 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System; using System.Collections.Generic; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -9,6 +10,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabDropdownTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabDropdownTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { if (string.IsNullOrWhiteSpace(TagHelper.Name)) @@ -40,7 +48,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add("role", "button"); anchor.Attributes.Add("aria-haspopup", "true"); anchor.Attributes.Add("aria-expanded", "false"); - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); var menu = new TagBuilder("div"); menu.AddCssClass("dropdown-menu"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs index 2a7555021c1..bf2473f83b1 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs @@ -1,6 +1,7 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -8,6 +9,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabLinkTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabLinkTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -35,7 +43,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.AddCssClass("dropdown-item"); anchor.Attributes.Add("id", id); anchor.Attributes.Add("href", href); - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); return anchor.ToHtmlString(); } @@ -45,7 +53,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.AddCssClass("nav-link " + AbpTabItemActivePlaceholder); anchor.Attributes.Add("id", id); anchor.Attributes.Add("href", href); - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs index 8d5700159f1..89d581fd312 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; using System.Linq; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -9,6 +10,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -53,7 +61,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); return anchor.ToHtmlString(); } @@ -73,7 +81,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index c4701aa7d54..17cf42c1897 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; @@ -18,10 +19,9 @@ public class AbpTagHelperScriptService : AbpTagHelperResourceService public AbpTagHelperScriptService( IBundleManager bundleManager, IOptions options, - IWebHostEnvironment hostingEnvironment) : base( - bundleManager, - options, - hostingEnvironment) + IWebHostEnvironment hostingEnvironment, + HtmlEncoder encoder) + : base(bundleManager, options, hostingEnvironment, encoder) { } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index 1ed3a76fe14..f398edaa997 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; @@ -21,10 +22,12 @@ public AbpTagHelperStyleService( IBundleManager bundleManager, IOptions options, IWebHostEnvironment hostingEnvironment, - IOptions securityHeadersOptions) : base( + IOptions securityHeadersOptions, + HtmlEncoder encoder) : base( bundleManager, options, - hostingEnvironment) + hostingEnvironment, + encoder) { SecurityHeadersOptions = securityHeadersOptions.Value; } From 3f30a714262413f5df69e24e6b98c901f8a15697 Mon Sep 17 00:00:00 2001 From: maliming Date: Sun, 28 Dec 2025 15:59:32 +0800 Subject: [PATCH 2/5] Remove HtmlEncoder dependency from TagHelper services --- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 7 ++++--- .../UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs | 10 ++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index 17cf42c1897..7716787f720 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -19,9 +19,10 @@ public class AbpTagHelperScriptService : AbpTagHelperResourceService public AbpTagHelperScriptService( IBundleManager bundleManager, IOptions options, - IWebHostEnvironment hostingEnvironment, - HtmlEncoder encoder) - : base(bundleManager, options, hostingEnvironment, encoder) + IWebHostEnvironment hostingEnvironment) : base( + bundleManager, + options, + hostingEnvironment) { } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index f398edaa997..5e8e24de435 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -22,12 +22,10 @@ public AbpTagHelperStyleService( IBundleManager bundleManager, IOptions options, IWebHostEnvironment hostingEnvironment, - IOptions securityHeadersOptions, - HtmlEncoder encoder) : base( - bundleManager, - options, - hostingEnvironment, - encoder) + IOptions securityHeadersOptions) : base( + bundleManager, + options, + hostingEnvironment) { SecurityHeadersOptions = securityHeadersOptions.Value; } From 2c81dbd2715f675b66feae7890151435749bb807 Mon Sep 17 00:00:00 2001 From: Ma Liming Date: Sun, 28 Dec 2025 16:00:43 +0800 Subject: [PATCH 3/5] Update framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs index b31994befa4..940c2baa673 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs @@ -15,7 +15,7 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; public class AbpRadioInputTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; - private readonly HtmlEncoder _htmlEncoder ; + private readonly HtmlEncoder _htmlEncoder; public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) { From 3692690a866451c0d0f962f8810073097dd6d453 Mon Sep 17 00:00:00 2001 From: maliming Date: Mon, 5 Jan 2026 13:22:59 +0800 Subject: [PATCH 4/5] Use `Append` method instead of `HtmlEncoder`. --- .../Breadcrumb/AbpBreadcrumbItemTagHelperService.cs | 7 ++++--- .../Button/AbpButtonTagHelperServiceBase.cs | 2 +- .../TagHelpers/Card/AbpCardBodyTagHelperService.cs | 12 ++---------- .../Carousel/AbpCarouselItemTagHelperService.cs | 4 ++-- .../Collapse/AbpAccordionItemTagHelperService.cs | 10 +--------- .../Collapse/AbpAccordionTagHelperService.cs | 2 +- .../TagHelpers/Form/AbpInputTagHelperService.cs | 2 +- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 7 ++----- .../TagHelpers/Form/AbpSelectTagHelperService.cs | 2 +- .../DatePicker/AbpDatePickerBaseTagHelperService.cs | 2 +- .../Modal/AbpModalHeaderTagHelperService.cs | 9 +++------ .../TagHelpers/Tab/AbpTabDropdownTagHelperService.cs | 10 +--------- .../TagHelpers/Tab/AbpTabLinkTagHelperService.cs | 12 ++---------- .../TagHelpers/Tab/AbpTabTagHelperService.cs | 12 ++---------- .../TagHelpers/Tab/AbpTabsTagHelperService.cs | 2 +- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 1 - .../Bundling/TagHelpers/AbpTagHelperStyleService.cs | 1 - 17 files changed, 25 insertions(+), 72 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs index 3208d1c7a01..f2fbb2e4bf6 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs @@ -1,4 +1,5 @@ -using Microsoft.AspNetCore.Mvc.Rendering; +using System; +using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; using System.Text.Encodings.Web; @@ -41,12 +42,12 @@ protected virtual string GetInnerHtml(TagHelperContext context, TagHelperOutput if (string.IsNullOrWhiteSpace(TagHelper.Href)) { output.Attributes.Add("aria-current", "page"); - return _encoder.Encode(TagHelper.Title); + return _encoder.Encode(TagHelper.Title ?? string.Empty); } var link = new TagBuilder("a"); link.Attributes.Add("href", TagHelper.Href); - link.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Title)); + link.InnerHtml.Append(TagHelper.Title); return link.ToHtmlString(); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs index dff0d8c2cba..e1eb8cb199c 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs @@ -77,7 +77,7 @@ protected virtual void AddText(TagHelperContext context, TagHelperOutput output) } var span = new TagBuilder("span"); - span.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Text!)); + span.InnerHtml.Append(TagHelper.Text!); output.Content.AppendHtml(span); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs index 5907097d250..dea75d44d77 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs @@ -1,5 +1,4 @@ using System; -using System.Text.Encodings.Web; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; @@ -8,13 +7,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Card; public class AbpCardBodyTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpCardBodyTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override void Process(TagHelperContext context, TagHelperOutput output) { output.TagName = "div"; @@ -30,7 +22,7 @@ protected virtual void ProcessTitle(TagHelperOutput output) { var cardTitle = new TagBuilder(AbpCardTitleTagHelper.DefaultHeading.ToHtmlTag()); cardTitle.AddCssClass("card-title"); - cardTitle.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title!)); + cardTitle.InnerHtml.Append(TagHelper.Title!); output.PreContent.AppendHtml(cardTitle); } } @@ -41,7 +33,7 @@ protected virtual void ProcessSubtitle(TagHelperOutput output) { var cardSubtitle = new TagBuilder(AbpCardSubtitleTagHelper.DefaultHeading.ToHtmlTag()); cardSubtitle.AddCssClass("card-subtitle mb-2"); - cardSubtitle.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Subtitle!)); + cardSubtitle.InnerHtml.Append(TagHelper.Subtitle!); output.PreContent.AppendHtml(cardSubtitle); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs index 40a31736afb..aa1383168b2 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Carousel/AbpCarouselItemTagHelperService.cs @@ -66,10 +66,10 @@ protected virtual void AddCaption(TagHelperContext context, TagHelperOutput outp } var title = new TagBuilder("h5"); - title.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.CaptionTitle!)); + title.InnerHtml.Append(TagHelper.CaptionTitle!); var caption = new TagBuilder("p"); - caption.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Caption!)); + caption.InnerHtml.Append(TagHelper.Caption!); var wrapper = new TagBuilder("div"); wrapper.AddCssClass("carousel-caption d-none d-md-block"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs index 58d105bf596..4a5048e1288 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionItemTagHelperService.cs @@ -2,7 +2,6 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System; using System.Collections.Generic; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -10,13 +9,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Collapse; public class AbpAccordionItemTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpAccordionItemTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetRandomIdIfNotProvided(); @@ -40,7 +32,7 @@ protected virtual string GetAccordionHeaderItem(TagHelperContext context, TagHel button.Attributes.Add("data-bs-target", "#" + GetContentId()); button.Attributes.Add("aria-expanded", "true"); button.Attributes.Add("aria-controls", GetContentId()); - button.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title)); + button.InnerHtml.Append(TagHelper.Title); var h5 = new TagBuilder("h5"); h5.AddCssClass("mb-0"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionTagHelperService.cs index c33b25022b4..8220f2bd5ff 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Collapse/AbpAccordionTagHelperService.cs @@ -37,7 +37,7 @@ protected virtual void SetContent(TagHelperContext context, TagHelperOutput outp { foreach (var item in items) { - var content = item.Replace(AbpAccordionParentIdPlaceholder, HtmlGenerator.Encode(TagHelper.Id)); + var content = item.Replace(AbpAccordionParentIdPlaceholder, HtmlGenerator.Encode(TagHelper.Id ?? string.Empty)); var wrapper = new TagBuilder("div"); wrapper.AddCssClass("card"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpInputTagHelperService.cs index d847848df76..1fb6f806e1c 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpInputTagHelperService.cs @@ -287,7 +287,7 @@ protected virtual async Task GetLabelAsHtmlAsync(TagHelperContext contex var label = new TagBuilder("label"); label.Attributes.Add("for", GetIdAttributeValue(inputTag)); - label.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.AddCssClass(isCheckbox ? "form-check-label" : "form-label"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs index 940c2baa673..b8599464e07 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs @@ -7,7 +7,6 @@ using System.Linq; using System.Reflection; using System.Text; -using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; @@ -15,12 +14,10 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; public class AbpRadioInputTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; - private readonly HtmlEncoder _htmlEncoder; - public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) + public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer) { _tagHelperLocalizer = tagHelperLocalizer; - _htmlEncoder = htmlEncoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -77,7 +74,7 @@ protected virtual string GetHtml(TagHelperContext context, TagHelperOutput outpu var label = new TagBuilder("label"); label.AddCssClass("form-check-label"); label.Attributes.Add("for", id); - label.InnerHtml.AppendHtml(_htmlEncoder.Encode(selectItem.Text)); + label.InnerHtml.Append(selectItem.Text); var wrapper = new TagBuilder("div"); wrapper.AddCssClass("form-check" + inlineClass); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpSelectTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpSelectTagHelperService.cs index eab2944002d..c411d571f41 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpSelectTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpSelectTagHelperService.cs @@ -187,7 +187,7 @@ protected virtual async Task GetLabelAsHtmlAsync(TagHelperContext contex var label = new TagBuilder("label"); label.AddCssClass("form-label"); label.Attributes.Add("for", GetIdAttributeValue(selectTag)); - label.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.InnerHtml.AppendHtml(GetRequiredSymbol(context, output)); return label.ToHtmlString(); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs index 5088c08293b..dfd9ab60e41 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs @@ -556,7 +556,7 @@ protected virtual async Task GetLabelAsHtmlAsync(TagHelperContext contex var label = new TagBuilder("label"); label.Attributes.Add("for", GetIdAttributeValue(inputTag)); - label.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.AddCssClass("form-label"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs index dcad9f10fa9..a6e0b766836 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs @@ -1,5 +1,4 @@ -using System.Text.Encodings.Web; -using Localization.Resources.AbpUi; +using Localization.Resources.AbpUi; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Microsoft.Extensions.Localization; @@ -10,12 +9,10 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Modal; public class AbpModalHeaderTagHelperService : AbpTagHelperService { protected IStringLocalizer L { get; } - protected HtmlEncoder Encoder { get; } - public AbpModalHeaderTagHelperService(IStringLocalizer localizer, HtmlEncoder encoder) + public AbpModalHeaderTagHelperService(IStringLocalizer localizer) { L = localizer; - Encoder = encoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -30,7 +27,7 @@ protected virtual string CreatePreContent() { var title = new TagBuilder("h5"); title.AddCssClass("modal-title"); - title.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Title)); + title.InnerHtml.Append(TagHelper.Title); return title.ToHtmlString(); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs index 73f47bd6da8..81ca55b924b 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabDropdownTagHelperService.cs @@ -2,7 +2,6 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System; using System.Collections.Generic; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -10,13 +9,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabDropdownTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabDropdownTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { if (string.IsNullOrWhiteSpace(TagHelper.Name)) @@ -48,7 +40,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add("role", "button"); anchor.Attributes.Add("aria-haspopup", "true"); anchor.Attributes.Add("aria-expanded", "false"); - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); var menu = new TagBuilder("div"); menu.AddCssClass("dropdown-menu"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs index bf2473f83b1..3ccf71efbef 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabLinkTagHelperService.cs @@ -1,7 +1,6 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -9,13 +8,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabLinkTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabLinkTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -43,7 +35,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.AddCssClass("dropdown-item"); anchor.Attributes.Add("id", id); anchor.Attributes.Add("href", href); - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); return anchor.ToHtmlString(); } @@ -53,7 +45,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.AddCssClass("nav-link " + AbpTabItemActivePlaceholder); anchor.Attributes.Add("id", id); anchor.Attributes.Add("href", href); - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs index 89d581fd312..7b0619ab6a1 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabTagHelperService.cs @@ -2,7 +2,6 @@ using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; using System.Linq; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; @@ -10,13 +9,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Tab; public class AbpTabTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -61,7 +53,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); return anchor.ToHtmlString(); } @@ -81,7 +73,7 @@ protected virtual string GetTabHeaderItem(TagHelperContext context, TagHelperOut anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs index 3026860ed61..c27be9a8c66 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs @@ -225,6 +225,6 @@ protected virtual void SetRandomNameIfNotProvided() protected virtual string SetTabItemNameIfNotProvided(string content, int index) { - return content.Replace(TabItemNamePlaceHolder, HtmlGenerator.Encode(TagHelper.Name) + "_" + index); + return content.Replace(TabItemNamePlaceHolder, HtmlGenerator.Encode(TagHelper.Name ?? string.Empty) + "_" + index); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index 7716787f720..0e87d883704 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index 5e8e24de435..a61d000d6b6 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; From c418e2874213df2c2c7c692e5daff7d6c23273f1 Mon Sep 17 00:00:00 2001 From: maliming Date: Mon, 5 Jan 2026 13:24:16 +0800 Subject: [PATCH 5/5] Remove HtmlEncoder dependency from button tag helpers --- .../TagHelpers/Button/AbpButtonTagHelperService.cs | 3 +-- .../TagHelpers/Button/AbpButtonTagHelperServiceBase.cs | 8 -------- .../TagHelpers/Button/AbpLinkButtonTagHelperService.cs | 7 ------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs index 755699be668..d8957fb48ce 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs @@ -13,8 +13,7 @@ public class AbpButtonTagHelperService : AbpButtonTagHelperServiceBase L { get; } - public AbpButtonTagHelperService(HtmlEncoder encoder, IStringLocalizer localizer) - : base(encoder) + public AbpButtonTagHelperService(IStringLocalizer localizer) { L = localizer; } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs index e1eb8cb199c..2a266ce5be9 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs @@ -1,7 +1,6 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System; -using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; @@ -9,13 +8,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public abstract class AbpButtonTagHelperServiceBase : AbpTagHelperService where TTagHelper : TagHelper, IButtonTagHelperBase { - protected HtmlEncoder Encoder { get; } - - protected AbpButtonTagHelperServiceBase(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override void Process(TagHelperContext context, TagHelperOutput output) { NormalizeTagMode(context, output); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs index 295e914d4a4..44dc9962842 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs @@ -1,17 +1,10 @@ using System; -using System.Text.Encodings.Web; using Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public class AbpLinkButtonTagHelperService : AbpButtonTagHelperServiceBase { - public AbpLinkButtonTagHelperService(HtmlEncoder encoder) - : base(encoder) - { - - } - public override void Process(TagHelperContext context, TagHelperOutput output) { base.Process(context, output);