HtmlEncode with apostrophes

A

Andy Fish

When using databinding, I have gotten into the habit of using single quotes
(apostrophe) round attribute values rather than double quotes because this
allows visual studio to work when there are quotation marks in the
databinding expression. As far as I can tell this seems to be recommended
practice.

However, I just realised that HtmlEncode doesn't encode apostrophes, so if
you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?
Assuming not, does this mean I have to write my own version of HtmlEncode?

TIA

Andy
 
N

Nicole Calinoiu

Andy Fish said:
When using databinding, I have gotten into the habit of using single
quotes (apostrophe) round attribute values rather than double quotes
because this allows visual studio to work when there are quotation marks
in the databinding expression. As far as I can tell this seems to be
recommended practice.

"Recommended" might be pushing things a bit. <g> It works, but consistently
using double quotes to wrap attributes will generally make your HTML a bit
easier to maintain.

However, I just realised that HtmlEncode doesn't encode apostrophes,

But it will encode the double quote character, so things would be a bit
easier if you were wrapping with double quotes.

so if you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?

You can do it, but it will require a bit more work.

Assuming not, does this mean I have to write my own version of HtmlEncode?

You should really do this anyway in order to facilitate handling of other
"interesting" scenarios (e.g.: encoding of text to be used as a literal
string in client-side javascript). The easiest way to implement this is to
call the provided HtmlEncode method, then massage the resulting string as
required for its intended used.
 
N

Nicole Calinoiu

Andy Fish said:
When using databinding, I have gotten into the habit of using single
quotes (apostrophe) round attribute values rather than double quotes
because this allows visual studio to work when there are quotation marks
in the databinding expression. As far as I can tell this seems to be
recommended practice.

"Recommended" might be pushing things a bit. <g> It works, but consistently
using double quotes to wrap attributes will generally make your HTML a bit
easier to maintain.

However, I just realised that HtmlEncode doesn't encode apostrophes,

But it will encode the double quote character, so things would be a bit
easier if you were wrapping with double quotes.

so if you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?

You can do it, but it will require a bit more work.

Assuming not, does this mean I have to write my own version of HtmlEncode?

You should really do this anyway in order to facilitate handling of other
"interesting" scenarios (e.g.: encoding of text to be used as a literal
string in client-side javascript). The easiest way to implement this is to
call the provided HtmlEncode method, then massage the resulting string as
required for its intended used.
 
A

Andy Fish

After writing my own HtmlEncode method, I realised that &apos; is not part
of the HTML 4 standard and also IE does not support it.

I conclude that it is not possible to use single quotes round attribute
values if the attribute value could itelf contain a single quote mark (i.e.
apostrophe). It seems unfortunate that so many examples use this style.
 
N

Nicole Calinoiu

Try using ' instead of &apos;.



Andy Fish said:
After writing my own HtmlEncode method, I realised that &apos; is not part
of the HTML 4 standard and also IE does not support it.

I conclude that it is not possible to use single quotes round attribute
values if the attribute value could itelf contain a single quote mark
(i.e. apostrophe). It seems unfortunate that so many examples use this
style.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top