From 61405d30cf3e20b5a98d99b8c41aecbc98d7204d Mon Sep 17 00:00:00 2001 From: maliming Date: Sun, 28 Dec 2025 15:47:44 +0800 Subject: [PATCH 1/5] HTML-encode TagHelper titles and texts for security --- .../Breadcrumb/AbpBreadcrumbItemTagHelperService.cs | 2 +- .../TagHelpers/Button/AbpButtonTagHelperService.cs | 4 +++- .../Button/AbpButtonTagHelperServiceBase.cs | 10 +++++++++- .../Button/AbpLinkButtonTagHelperService.cs | 7 +++++++ .../TagHelpers/Card/AbpCardBodyTagHelperService.cs | 12 ++++++++++-- .../Carousel/AbpCarouselItemTagHelperService.cs | 4 ++-- .../Collapse/AbpAccordionItemTagHelperService.cs | 10 +++++++++- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 7 +++++-- .../Modal/AbpModalHeaderTagHelperService.cs | 9 ++++++--- .../TagHelpers/Tab/AbpTabDropdownTagHelperService.cs | 10 +++++++++- .../TagHelpers/Tab/AbpTabLinkTagHelperService.cs | 12 ++++++++++-- .../TagHelpers/Tab/AbpTabTagHelperService.cs | 12 ++++++++++-- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 8 ++++---- .../Bundling/TagHelpers/AbpTagHelperStyleService.cs | 7 +++++-- 14 files changed, 90 insertions(+), 24 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs index 9935b90903..3208d1c7a0 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs @@ -46,7 +46,7 @@ public class AbpBreadcrumbItemTagHelperService : AbpTagHelperService L { get; } - public AbpButtonTagHelperService(IStringLocalizer localizer) + public AbpButtonTagHelperService(HtmlEncoder encoder, IStringLocalizer localizer) + : base(encoder) { L = localizer; } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs index a69d09eed4..dff0d8c2cb 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs @@ -1,6 +1,7 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System; +using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; @@ -8,6 +9,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public abstract class AbpButtonTagHelperServiceBase : AbpTagHelperService where TTagHelper : TagHelper, IButtonTagHelperBase { + protected HtmlEncoder Encoder { get; } + + protected AbpButtonTagHelperServiceBase(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override void Process(TagHelperContext context, TagHelperOutput output) { NormalizeTagMode(context, output); @@ -69,7 +77,7 @@ public abstract class AbpButtonTagHelperServiceBase : AbpTagHelperSe } var span = new TagBuilder("span"); - span.InnerHtml.AppendHtml(TagHelper.Text!); + span.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Text!)); output.Content.AppendHtml(span); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs index 44dc996284..295e914d4a 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs @@ -1,10 +1,17 @@ using System; +using System.Text.Encodings.Web; using Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public class AbpLinkButtonTagHelperService : AbpButtonTagHelperServiceBase { + public AbpLinkButtonTagHelperService(HtmlEncoder encoder) + : base(encoder) + { + + } + public override void Process(TagHelperContext context, TagHelperOutput output) { base.Process(context, output); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs index b8462f4b5b..5907097d25 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs @@ -1,4 +1,5 @@ using System; +using System.Text.Encodings.Web; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; @@ -7,6 +8,13 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Card; public class AbpCardBodyTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpCardBodyTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override void Process(TagHelperContext context, TagHelperOutput output) { output.TagName = "div"; @@ -22,7 +30,7 @@ public class AbpCardBodyTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpAccordionItemTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetRandomIdIfNotProvided(); @@ -32,7 +40,7 @@ public class AbpAccordionItemTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; + private readonly HtmlEncoder _htmlEncoder ; - public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer) + public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) { _tagHelperLocalizer = tagHelperLocalizer; + _htmlEncoder = htmlEncoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -74,7 +77,7 @@ public class AbpRadioInputTagHelperService : AbpTagHelperService { protected IStringLocalizer L { get; } + protected HtmlEncoder Encoder { get; } - public AbpModalHeaderTagHelperService(IStringLocalizer localizer) + public AbpModalHeaderTagHelperService(IStringLocalizer localizer, HtmlEncoder encoder) { L = localizer; + Encoder = encoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -27,7 +30,7 @@ public class AbpModalHeaderTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabDropdownTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { if (string.IsNullOrWhiteSpace(TagHelper.Name)) @@ -40,7 +48,7 @@ public class AbpTabDropdownTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabLinkTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -35,7 +43,7 @@ public class AbpTabLinkTagHelperService : AbpTagHelperService { + protected HtmlEncoder Encoder { get; } + + public AbpTabTagHelperService(HtmlEncoder encoder) + { + Encoder = encoder; + } + public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -53,7 +61,7 @@ public class AbpTabTagHelperService : AbpTagHelperService anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); return anchor.ToHtmlString(); } @@ -73,7 +81,7 @@ public class AbpTabTagHelperService : AbpTagHelperService anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(title); + anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index c4701aa7d5..17cf42c189 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; @@ -18,10 +19,9 @@ public class AbpTagHelperScriptService : AbpTagHelperResourceService public AbpTagHelperScriptService( IBundleManager bundleManager, IOptions options, - IWebHostEnvironment hostingEnvironment) : base( - bundleManager, - options, - hostingEnvironment) + IWebHostEnvironment hostingEnvironment, + HtmlEncoder encoder) + : base(bundleManager, options, hostingEnvironment, encoder) { } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index 1ed3a76fe1..f398edaa99 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; @@ -21,10 +22,12 @@ public class AbpTagHelperStyleService : AbpTagHelperResourceService IBundleManager bundleManager, IOptions options, IWebHostEnvironment hostingEnvironment, - IOptions securityHeadersOptions) : base( + IOptions securityHeadersOptions, + HtmlEncoder encoder) : base( bundleManager, options, - hostingEnvironment) + hostingEnvironment, + encoder) { SecurityHeadersOptions = securityHeadersOptions.Value; } From 3f30a714262413f5df69e24e6b98c901f8a15697 Mon Sep 17 00:00:00 2001 From: maliming Date: Sun, 28 Dec 2025 15:59:32 +0800 Subject: [PATCH 2/5] Remove HtmlEncoder dependency from TagHelper services --- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 7 ++++--- .../UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs | 10 ++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index 17cf42c189..7716787f72 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -19,9 +19,10 @@ public class AbpTagHelperScriptService : AbpTagHelperResourceService public AbpTagHelperScriptService( IBundleManager bundleManager, IOptions options, - IWebHostEnvironment hostingEnvironment, - HtmlEncoder encoder) - : base(bundleManager, options, hostingEnvironment, encoder) + IWebHostEnvironment hostingEnvironment) : base( + bundleManager, + options, + hostingEnvironment) { } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index f398edaa99..5e8e24de43 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -22,12 +22,10 @@ public class AbpTagHelperStyleService : AbpTagHelperResourceService IBundleManager bundleManager, IOptions options, IWebHostEnvironment hostingEnvironment, - IOptions securityHeadersOptions, - HtmlEncoder encoder) : base( - bundleManager, - options, - hostingEnvironment, - encoder) + IOptions securityHeadersOptions) : base( + bundleManager, + options, + hostingEnvironment) { SecurityHeadersOptions = securityHeadersOptions.Value; } From 2c81dbd2715f675b66feae7890151435749bb807 Mon Sep 17 00:00:00 2001 From: Ma Liming Date: Sun, 28 Dec 2025 16:00:43 +0800 Subject: [PATCH 3/5] Update framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs index b31994befa..940c2baa67 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs @@ -15,7 +15,7 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; public class AbpRadioInputTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; - private readonly HtmlEncoder _htmlEncoder ; + private readonly HtmlEncoder _htmlEncoder; public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) { From 3692690a866451c0d0f962f8810073097dd6d453 Mon Sep 17 00:00:00 2001 From: maliming Date: Mon, 5 Jan 2026 13:22:59 +0800 Subject: [PATCH 4/5] Use `Append` method instead of `HtmlEncoder`. --- .../Breadcrumb/AbpBreadcrumbItemTagHelperService.cs | 7 ++++--- .../Button/AbpButtonTagHelperServiceBase.cs | 2 +- .../TagHelpers/Card/AbpCardBodyTagHelperService.cs | 12 ++---------- .../Carousel/AbpCarouselItemTagHelperService.cs | 4 ++-- .../Collapse/AbpAccordionItemTagHelperService.cs | 10 +--------- .../Collapse/AbpAccordionTagHelperService.cs | 2 +- .../TagHelpers/Form/AbpInputTagHelperService.cs | 2 +- .../TagHelpers/Form/AbpRadioInputTagHelperService.cs | 7 ++----- .../TagHelpers/Form/AbpSelectTagHelperService.cs | 2 +- .../DatePicker/AbpDatePickerBaseTagHelperService.cs | 2 +- .../Modal/AbpModalHeaderTagHelperService.cs | 9 +++------ .../TagHelpers/Tab/AbpTabDropdownTagHelperService.cs | 10 +--------- .../TagHelpers/Tab/AbpTabLinkTagHelperService.cs | 12 ++---------- .../TagHelpers/Tab/AbpTabTagHelperService.cs | 12 ++---------- .../TagHelpers/Tab/AbpTabsTagHelperService.cs | 2 +- .../Bundling/TagHelpers/AbpTagHelperScriptService.cs | 1 - .../Bundling/TagHelpers/AbpTagHelperStyleService.cs | 1 - 17 files changed, 25 insertions(+), 72 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs index 3208d1c7a0..f2fbb2e4bf 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Breadcrumb/AbpBreadcrumbItemTagHelperService.cs @@ -1,4 +1,5 @@ -using Microsoft.AspNetCore.Mvc.Rendering; +using System; +using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System.Collections.Generic; using System.Text.Encodings.Web; @@ -41,12 +42,12 @@ public class AbpBreadcrumbItemTagHelperService : AbpTagHelperService : AbpTagHelperSe } var span = new TagBuilder("span"); - span.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Text!)); + span.InnerHtml.Append(TagHelper.Text!); output.Content.AppendHtml(span); } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs index 5907097d25..dea75d44d7 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Card/AbpCardBodyTagHelperService.cs @@ -1,5 +1,4 @@ using System; -using System.Text.Encodings.Web; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; @@ -8,13 +7,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Card; public class AbpCardBodyTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpCardBodyTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override void Process(TagHelperContext context, TagHelperOutput output) { output.TagName = "div"; @@ -30,7 +22,7 @@ public class AbpCardBodyTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpAccordionItemTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetRandomIdIfNotProvided(); @@ -40,7 +32,7 @@ public class AbpAccordionItemTagHelperService : AbpTagHelperService var label = new TagBuilder("label"); label.Attributes.Add("for", GetIdAttributeValue(inputTag)); - label.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.AddCssClass(isCheckbox ? "form-check-label" : "form-label"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs index 940c2baa67..b8599464e0 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/AbpRadioInputTagHelperService.cs @@ -7,7 +7,6 @@ using System.Collections.Generic; using System.Linq; using System.Reflection; using System.Text; -using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Extensions; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; @@ -15,12 +14,10 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Form; public class AbpRadioInputTagHelperService : AbpTagHelperService { private readonly IAbpTagHelperLocalizer _tagHelperLocalizer; - private readonly HtmlEncoder _htmlEncoder; - public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer, HtmlEncoder htmlEncoder) + public AbpRadioInputTagHelperService(IAbpTagHelperLocalizer tagHelperLocalizer) { _tagHelperLocalizer = tagHelperLocalizer; - _htmlEncoder = htmlEncoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -77,7 +74,7 @@ public class AbpRadioInputTagHelperService : AbpTagHelperService var label = new TagBuilder("label"); label.AddCssClass("form-label"); label.Attributes.Add("for", GetIdAttributeValue(selectTag)); - label.InnerHtml.AppendHtml(_encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.InnerHtml.AppendHtml(GetRequiredSymbol(context, output)); return label.ToHtmlString(); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs index 5088c08293..dfd9ab60e4 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Form/DatePicker/AbpDatePickerBaseTagHelperService.cs @@ -556,7 +556,7 @@ public abstract class AbpDatePickerBaseTagHelperService : AbpTagHelp var label = new TagBuilder("label"); label.Attributes.Add("for", GetIdAttributeValue(inputTag)); - label.InnerHtml.AppendHtml(Encoder.Encode(TagHelper.Label)); + label.InnerHtml.Append(TagHelper.Label); label.AddCssClass("form-label"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs index dcad9f10fa..a6e0b76683 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Modal/AbpModalHeaderTagHelperService.cs @@ -1,5 +1,4 @@ -using System.Text.Encodings.Web; -using Localization.Resources.AbpUi; +using Localization.Resources.AbpUi; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using Microsoft.Extensions.Localization; @@ -10,12 +9,10 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Modal; public class AbpModalHeaderTagHelperService : AbpTagHelperService { protected IStringLocalizer L { get; } - protected HtmlEncoder Encoder { get; } - public AbpModalHeaderTagHelperService(IStringLocalizer localizer, HtmlEncoder encoder) + public AbpModalHeaderTagHelperService(IStringLocalizer localizer) { L = localizer; - Encoder = encoder; } public override void Process(TagHelperContext context, TagHelperOutput output) @@ -30,7 +27,7 @@ public class AbpModalHeaderTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabDropdownTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { if (string.IsNullOrWhiteSpace(TagHelper.Name)) @@ -48,7 +40,7 @@ public class AbpTabDropdownTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabLinkTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -43,7 +35,7 @@ public class AbpTabLinkTagHelperService : AbpTagHelperService { - protected HtmlEncoder Encoder { get; } - - public AbpTabTagHelperService(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output) { SetPlaceholderForNameIfNotProvided(); @@ -61,7 +53,7 @@ public class AbpTabTagHelperService : AbpTagHelperService anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); return anchor.ToHtmlString(); } @@ -81,7 +73,7 @@ public class AbpTabTagHelperService : AbpTagHelperService anchor.Attributes.Add(attr.Name, attr.Value.ToString()); } - anchor.InnerHtml.AppendHtml(Encoder.Encode(title)); + anchor.InnerHtml.Append(title); var listItem = new TagBuilder("li"); listItem.AddCssClass("nav-item"); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs index 3026860ed6..c27be9a8c6 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Tab/AbpTabsTagHelperService.cs @@ -225,6 +225,6 @@ public class AbpTabsTagHelperService : AbpTagHelperService protected virtual string SetTabItemNameIfNotProvided(string content, int index) { - return content.Replace(TabItemNamePlaceHolder, HtmlGenerator.Encode(TagHelper.Name) + "_" + index); + return content.Replace(TabItemNamePlaceHolder, HtmlGenerator.Encode(TagHelper.Name ?? string.Empty) + "_" + index); } } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs index 7716787f72..0e87d88370 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperScriptService.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs index 5e8e24de43..a61d000d6b 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpTagHelperStyleService.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Rendering; From c418e2874213df2c2c7c692e5daff7d6c23273f1 Mon Sep 17 00:00:00 2001 From: maliming Date: Mon, 5 Jan 2026 13:24:16 +0800 Subject: [PATCH 5/5] Remove HtmlEncoder dependency from button tag helpers --- .../TagHelpers/Button/AbpButtonTagHelperService.cs | 3 +-- .../TagHelpers/Button/AbpButtonTagHelperServiceBase.cs | 8 -------- .../TagHelpers/Button/AbpLinkButtonTagHelperService.cs | 7 ------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs index 755699be66..d8957fb48c 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperService.cs @@ -13,8 +13,7 @@ public class AbpButtonTagHelperService : AbpButtonTagHelperServiceBase L { get; } - public AbpButtonTagHelperService(HtmlEncoder encoder, IStringLocalizer localizer) - : base(encoder) + public AbpButtonTagHelperService(IStringLocalizer localizer) { L = localizer; } diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs index e1eb8cb199..2a266ce5be 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpButtonTagHelperServiceBase.cs @@ -1,7 +1,6 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Razor.TagHelpers; using System; -using System.Text.Encodings.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; @@ -9,13 +8,6 @@ namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public abstract class AbpButtonTagHelperServiceBase : AbpTagHelperService where TTagHelper : TagHelper, IButtonTagHelperBase { - protected HtmlEncoder Encoder { get; } - - protected AbpButtonTagHelperServiceBase(HtmlEncoder encoder) - { - Encoder = encoder; - } - public override void Process(TagHelperContext context, TagHelperOutput output) { NormalizeTagMode(context, output); diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs index 295e914d4a..44dc996284 100644 --- a/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs +++ b/framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Button/AbpLinkButtonTagHelperService.cs @@ -1,17 +1,10 @@ using System; -using System.Text.Encodings.Web; using Microsoft.AspNetCore.Razor.TagHelpers; namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Button; public class AbpLinkButtonTagHelperService : AbpButtonTagHelperServiceBase { - public AbpLinkButtonTagHelperService(HtmlEncoder encoder) - : base(encoder) - { - - } - public override void Process(TagHelperContext context, TagHelperOutput output) { base.Process(context, output);