asp:BoundField and HtmlEncode

Discussion in 'ASP .Net' started by jMehdi, Jul 5, 2007.

  1. jMehdi

    jMehdi Guest

    I have the following definition:

    <asp:BoundField DataField="ThreadPostAuthor" HeaderText="<%$
    Resources:ForumsRes, StartedBy %>" SortExpression="ThreadPostAuthor"
    HtmlEncode="false" />

    When the UICulture is set to French the HeaderText displays encoded
    characters (eg: "Commencé par" instead of "Commencé par") so I've
    added the HtmlEncode attribute and it works fine.
    But if I want to encode the column's data for security reason? And why
    encoding the HeaderText??
     
    jMehdi, Jul 5, 2007
    #1
    1. Advertising

  2. jMehdi

    Roland Dick Guest

    Hi,

    jMehdi schrieb:
    > added the HtmlEncode attribute and it works fine.
    > But if I want to encode the column's data for security reason? And why
    > encoding the HeaderText??


    if there's no way to make a BoundColumn HTMLEncode your data, try a
    TemplateColumn with a Literal control instead. Literals can HTMLEncode
    the data.

    I fail to understand what HTMLEncoding has to do with security though?

    Hope this helps,

    Roland
     
    Roland Dick, Jul 6, 2007
    #2
    1. Advertising

  3. jMehdi

    jMehdi Guest

    > I fail to understand what HTMLEncoding has to do with security though?

    Data displayed by my BoundColumn is user's data. To prevent cross-site
    scripting I want to HtmlEncode the column's data, but not the
    HeaderText

    I think I have no other choice than using a TemplateColumn
     
    jMehdi, Jul 6, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Romain Salad

    Conditional <asp:BoundField

    Romain Salad, Apr 12, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    893
    Patrick.O.Ige
    Apr 12, 2006
  2. =?Utf-8?B?U0RSb3k=?=
    Replies:
    1
    Views:
    9,088
    Vlad Iliescu
    Apr 27, 2006
  3. gerinjacob
    Replies:
    0
    Views:
    426
    gerinjacob
    Sep 3, 2006
  4. Vyacheslav Lanovets

    BoundField.HtmlEncode = false does not work

    Vyacheslav Lanovets, Aug 24, 2006, in forum: ASP .Net Datagrid Control
    Replies:
    1
    Views:
    631
    Vyacheslav Lanovets
    Aug 24, 2006
  5. Ing. Winkler Bernhard

    BoundField and DataFormatString in ASP.NET 2.0 - Bug ?

    Ing. Winkler Bernhard, Nov 30, 2005, in forum: ASP .Net Web Controls
    Replies:
    3
    Views:
    1,076
Loading...

Share This Page