asp.net 2. 0 hyperlink DataNavigateUrlFormatString

[Vincent]

Hi, I have a problem when I put the 3rd field into a hyperlink field
it does not show up. Here's my example:

This works and the url is:

http://gl.aspx?whs=1&dept=02


<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>


but if I add a 3rd field (see below) to the
datanavigateurlformatstring This does not work and the url it produces
is:

http://gl.aspx

with nothing after it.

<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>

Any help would be appreciated. I should note that I use VS 2005 to
create the page. Thansk. vin.

 

[Guest]

Hi there,

You can have as many data field as you want. The problem is caused by a
datetime field, which after evaluation contains ':'. I had a look at
System.Web.UI.WebControl.HyperLinkField class and it checks if evaluated URL
is potentially dangerous by calling
System.Web.CrossSiteScriptingValidation.IsDangerousUrl() method :

internal static bool IsDangerousUrl(string s)
{
if (string.IsNullOrEmpty(s))
{
return false;
}
s = s.Trim();
int num1 = s.Length;
if (((((num1 > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] ==
't') || (s[1] == 'T'))) && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] ==
'p') || (s[3] == 'P')))) && ((s[4] == ':') || (((num1 > 5) && ((s[4] == 's')
|| (s[4] == 'S'))) && (s[5] == ':'))))
{
return false;
}
int num2 = s.IndexOf(':');
if (num2 == -1)
{
return false;
}
return true;
}

As you can see, any occurrence of ':' causes function to return true.
Unfortunately, the HyperLinkField does not have HtmlEncode property such as
BoundField or CheckBocField do. In order to resolve the issue, remove ':'
from datevaluesformatstring by specifying format string explicitly i.e.
~/myage.aspx?id={0}&x={1}&y={2:yyyy-MM-dd hh-mm-ss}
and then parsing query string using DateTime.ParseExact() method, or apply
HTML encoding HttpServerUtlity.HtmlEncode() in data table you use as data
source

Hope this helps


Milosz

 

[Vincent]

Hi there,

You can have as many data field as you want. The problem is caused by a
datetime field, which after evaluation contains ':'. I had a look at
System.Web.UI.WebControl.HyperLinkField class and it checks if evaluated URL
is potentially dangerous by calling
System.Web.CrossSiteScriptingValidation.IsDangerousUrl() method :

internal static bool IsDangerousUrl(string s)
{
if (string.IsNullOrEmpty(s))
{
return false;
}
s = s.Trim();
int num1 = s.Length;
if (((((num1 > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] ==
't') || (s[1] == 'T'))) && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] ==
'p') || (s[3] == 'P')))) && ((s[4] == ':') || (((num1 > 5) && ((s[4] == 's')
|| (s[4] == 'S'))) && (s[5] == ':'))))
{
return false;
}
int num2 = s.IndexOf(':');
if (num2 == -1)
{
return false;
}
return true;

}

As you can see, any occurrence of ':' causes function to return true.
Unfortunately, the HyperLinkField does not have HtmlEncode property such as
BoundField or CheckBocField do. In order to resolve the issue, remove ':'
from datevaluesformatstring by specifying format string explicitly i.e.
~/myage.aspx?id={0}&x={1}&y={2:yyyy-MM-dd hh-mm-ss}
and then parsing query string using DateTime.ParseExact() method, or apply
HTML encoding HttpServerUtlity.HtmlEncode() in data table you use as data
source

Hope this helps

Milosz

Hi, I have a problem when I put the 3rd field into a hyperlink field
it does not show up. Here's my example:

This works and the url is:

<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>

but if I add a 3rd field (see below) to the
datanavigateurlformatstring This does not work and the url it produces
is:

with nothing after it.

<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>

Any help would be appreciated. I should note that I use VS 2005 to
create the page. Thansk. vin.- Hide quoted text -

- Show quoted text -

That was it milosz, I changed the date format as specified above and I
was able to see it in the query string... Thanks for your help. -
Vincent.