HTML encoding of asp controls.

G

Guogang

I find that the HTML encoding of asp web controls are inconsistent.

Say, I want to show the string "<script> alter("test") <script>". For a
"BoundColumn" used in DataGrid, I get an *real alert box* instead
of the string. In order for it to be shown correctly, I have to call
"Server.HtmlEncode" before set the text.

But if I use "asp:TextBox" control, I can not do "Server.HtmlEncode"
before I set the text. Otherwise, I will see this on my web page: "&lt;..."

Is there a general rule, or documentation of which controls will do HTML
encoding automatically, which don't?

Thanks,
Guogang
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top