asp.net 2.0里当readonly遇上enableviewstate=false

2022-07-15 80酷酷网 80kuku.com

　　ado|asp.net

　　偶然在一个老外的blog里看到有这样的描述，当textbox控件里被设置为readonly时，而且页面的enableviewsate设置为false时，提交后，textbox的值会丢失，这只发生在asp.net 2.0中，在asp.net 1.0/1.1中不会出现这样的情况，代码如下：

<% Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" EnableViewState="false" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!this.IsPostBack)
        {
            this.Textbox1.Text = "readonly text";
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        this.lblMessage.Text = this.Textbox1.Text;
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form runat="server" id="Form1">
<asp:textbox ID="Textbox1" runat="server" ReadOnly="true" ForeColor="silver"></asp:textbox>
<asp:textbox ID="Textbox2" runat="server" ReadOnly="true">Some Text</asp:textbox>
<asp:Button ID="Button1" runat="server" Text="Button" /><br />
<asp:Label ID="lblMessage" runat="server" Text="Label"></asp:Label>
</form>
</body>
</html>

　　在.net 2.0下运行，的确会丢失了文本框的值。最后，找到了MSDN的解析和微软的BUG反馈中心，其实这不是BUG，是.net 2.0下为了安全的一个小改变，具体摘录如下，大家就明白了：
微软的反馈为：

After careful analysis, the explanation for the observed behaviour is that:
With a design change in ASP .NET based on user security concern, the input for a readonly textbox is saved in viewstate, which doesnt happen if viewstate is disabled. To workaround this, a page developer can add the readonly attribute to the TextBox.Attributes collection, which can then be used to access the 'value' of the textbox.

We hope this clarifies. Thank you.
Web Server & Tools

MSDN 2005的解析：

The Text value of a TextBox control with the ReadOnly property set to true is sent to the server when a postback occurs, but the server does no processing for a read-only text box. This prevents a malicious user from changing a Text value that is read-only. The value of the Text property is preserved in the view state between postbacks unless modified by server-side code.