asp.net 2. 0 hyperlink DataNavigateUrlFormatString

Discussion in 'ASP .Net' started by Vincent, Feb 27, 2007.

  1. Vincent

    Vincent Guest

    Hi, I have a problem when I put the 3rd field into a hyperlink field
    it does not show up. Here's my example:

    This works and the url is:

    http://gl.aspx?whs=1&dept=02


    <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
    DataTextField="Amount" HeaderText="Sku Value"
    NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    DataTextFormatString="{0:c}" >
    <ItemStyle HorizontalAlign="Right" />
    <FooterStyle HorizontalAlign="Right" />
    </asp:HyperLinkField>


    but if I add a 3rd field (see below) to the
    datanavigateurlformatstring This does not work and the url it produces
    is:

    http://gl.aspx

    with nothing after it.

    <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
    DataTextField="Amount" HeaderText="Sku Value"
    NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    DataTextFormatString="{0:c}" >
    <ItemStyle HorizontalAlign="Right" />
    <FooterStyle HorizontalAlign="Right" />
    </asp:HyperLinkField>

    Any help would be appreciated. I should note that I use VS 2005 to
    create the page. Thansk. vin.
    Vincent, Feb 27, 2007
    #1
    1. Advertising

  2. Hi there,

    You can have as many data field as you want. The problem is caused by a
    datetime field, which after evaluation contains ':'. I had a look at
    System.Web.UI.WebControl.HyperLinkField class and it checks if evaluated URL
    is potentially dangerous by calling
    System.Web.CrossSiteScriptingValidation.IsDangerousUrl() method :

    internal static bool IsDangerousUrl(string s)
    {
    if (string.IsNullOrEmpty(s))
    {
    return false;
    }
    s = s.Trim();
    int num1 = s.Length;
    if (((((num1 > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] ==
    't') || (s[1] == 'T'))) && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] ==
    'p') || (s[3] == 'P')))) && ((s[4] == ':') || (((num1 > 5) && ((s[4] == 's')
    || (s[4] == 'S'))) && (s[5] == ':'))))
    {
    return false;
    }
    int num2 = s.IndexOf(':');
    if (num2 == -1)
    {
    return false;
    }
    return true;
    }

    As you can see, any occurrence of ':' causes function to return true.
    Unfortunately, the HyperLinkField does not have HtmlEncode property such as
    BoundField or CheckBocField do. In order to resolve the issue, remove ':'
    from datevaluesformatstring by specifying format string explicitly i.e.
    ~/myage.aspx?id={0}&x={1}&y={2:yyyy-MM-dd hh-mm-ss}
    and then parsing query string using DateTime.ParseExact() method, or apply
    HTML encoding HttpServerUtlity.HtmlEncode() in data table you use as data
    source

    Hope this helps


    Milosz


    "Vincent" wrote:

    > Hi, I have a problem when I put the 3rd field into a hyperlink field
    > it does not show up. Here's my example:
    >
    > This works and the url is:
    >
    > http://gl.aspx?whs=1&dept=02
    >
    >
    > <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    > DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
    > DataTextField="Amount" HeaderText="Sku Value"
    > NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    > DataTextFormatString="{0:c}" >
    > <ItemStyle HorizontalAlign="Right" />
    > <FooterStyle HorizontalAlign="Right" />
    > </asp:HyperLinkField>
    >
    >
    > but if I add a 3rd field (see below) to the
    > datanavigateurlformatstring This does not work and the url it produces
    > is:
    >
    > http://gl.aspx
    >
    > with nothing after it.
    >
    > <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    > DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
    > DataTextField="Amount" HeaderText="Sku Value"
    > NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    > DataTextFormatString="{0:c}" >
    > <ItemStyle HorizontalAlign="Right" />
    > <FooterStyle HorizontalAlign="Right" />
    > </asp:HyperLinkField>
    >
    > Any help would be appreciated. I should note that I use VS 2005 to
    > create the page. Thansk. vin.
    >
    >
    =?Utf-8?B?TWlsb3N6IFNrYWxlY2tpIFtNQ0FEXQ==?=, Feb 28, 2007
    #2
    1. Advertising

  3. Vincent

    Vincent Guest

    On Feb 28, 9:25 am, Milosz Skalecki [MCAD] <>
    wrote:
    > Hi there,
    >
    > You can have as many data field as you want. The problem is caused by a
    > datetime field, which after evaluation contains ':'. I had a look at
    > System.Web.UI.WebControl.HyperLinkField class and it checks if evaluated URL
    > is potentially dangerous by calling
    > System.Web.CrossSiteScriptingValidation.IsDangerousUrl() method :
    >
    > internal static bool IsDangerousUrl(string s)
    > {
    > if (string.IsNullOrEmpty(s))
    > {
    > return false;
    > }
    > s = s.Trim();
    > int num1 = s.Length;
    > if (((((num1 > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] ==
    > 't') || (s[1] == 'T'))) && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] ==
    > 'p') || (s[3] == 'P')))) && ((s[4] == ':') || (((num1 > 5) && ((s[4] == 's')
    > || (s[4] == 'S'))) && (s[5] == ':'))))
    > {
    > return false;
    > }
    > int num2 = s.IndexOf(':');
    > if (num2 == -1)
    > {
    > return false;
    > }
    > return true;
    >
    > }
    >
    > As you can see, any occurrence of ':' causes function to return true.
    > Unfortunately, the HyperLinkField does not have HtmlEncode property such as
    > BoundField or CheckBocField do. In order to resolve the issue, remove ':'
    > from datevaluesformatstring by specifying format string explicitly i.e.
    > ~/myage.aspx?id={0}&x={1}&y={2:yyyy-MM-dd hh-mm-ss}
    > and then parsing query string using DateTime.ParseExact() method, or apply
    > HTML encoding HttpServerUtlity.HtmlEncode() in data table you use as data
    > source
    >
    > Hope this helps
    >
    > Milosz
    >
    >
    >
    > "Vincent" wrote:
    > > Hi, I have a problem when I put the 3rd field into a hyperlink field
    > > it does not show up. Here's my example:

    >
    > > This works and the url is:

    >
    > >http://gl.aspx?whs=1&dept=02

    >
    > > <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    > > DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
    > > DataTextField="Amount" HeaderText="Sku Value"
    > > NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    > > DataTextFormatString="{0:c}" >
    > > <ItemStyle HorizontalAlign="Right" />
    > > <FooterStyle HorizontalAlign="Right" />
    > > </asp:HyperLinkField>

    >
    > > but if I add a 3rd field (see below) to the
    > > datanavigateurlformatstring This does not work and the url it produces
    > > is:

    >
    > >http://gl.aspx

    >
    > > with nothing after it.

    >
    > > <asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
    > > DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
    > > DataTextField="Amount" HeaderText="Sku Value"
    > > NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
    > > DataTextFormatString="{0:c}" >
    > > <ItemStyle HorizontalAlign="Right" />
    > > <FooterStyle HorizontalAlign="Right" />
    > > </asp:HyperLinkField>

    >
    > > Any help would be appreciated. I should note that I use VS 2005 to
    > > create the page. Thansk. vin.- Hide quoted text -

    >
    > - Show quoted text -


    That was it milosz, I changed the date format as specified above and I
    was able to see it in the query string... Thanks for your help. -
    Vincent.
    Vincent, Feb 28, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Coder Coder

    DataNavigateUrlFormatString

    Coder Coder, Jul 9, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    7,240
    Joshua Flanagan
    Aug 6, 2003
  2. =?Utf-8?B?bXN1aw==?=

    asp.net 1.1 datagrid and DataNavigateUrlFormatString

    =?Utf-8?B?bXN1aw==?=, Jun 20, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    3,852
    =?Utf-8?B?bXN1aw==?=
    Jun 22, 2006
  3. Replies:
    0
    Views:
    454
  4. davetichenor
    Replies:
    1
    Views:
    810
    Eliyahu Goldin
    Oct 30, 2006
  5. Dave
    Replies:
    0
    Views:
    927
Loading...

Share This Page