G
Guest
Hi,
I am having difficulty getting the ASP.NET framework to generate valid
XHTML. My immediate problem surrounds user input in, for example, textbox
controls.
I consider characters such as less-than and ampersand perfectly valid in
user input. So I've disabled request validation by adding the following to my
web.config file.
<pages validateRequest="false" />
I have a simple page with an ASP.NET textbox and a submit button. I enter
the following test string the textbox control.
x < y && x > 0
I submit the page and allow it to simply re-render, which generates the
following HTML.
<input name="TextBox1" type="text" value="x < y && x > 0" id="TextBox1" />
This is not valid XHTML: the less-than and greater-than characters need to
be escaped.
Why is the framework escaping the ampersand but not the less-than and
greater-than characters?
I have tried to work around this by deriving from HtmlTextWriter and
overriding various methods so that I can HttpUtility.HtmlEncode() attribute
values, but the ampersand escaping appears to be hardcoded into the base
HtmlTextWriter: I always end up with double-escaping of the ampersands. e.g.
I get:
<input value="<" />
instead of what I want, which is
<input value="<" />
Futher, because the HtmlTextWriter allows control authors to generate
whatever output they want via calls to Write(string), I don't think I can
have any control over the generated HTML at all. For example, I can do the
following in a custom control.
protected override void Render(HtmlTextWriter writer)
{
writer.Write("<input value=\"");
writer.Write("whatever I want & < in here");
writer.Write("\" >");
}
So the HtmlTextWriter has absolutely no idea whether I'm hacking together an
element, attribute or what.
I'm left wondering if the only way I can get valid XHTML is to override
every single Render() method of every control I want to use!? In which case
I'm losing just about all of the benefit of using built-in / 3rd-party
controls in the first place. Can anyone see a better way?
Thanks,
- Lee
I am having difficulty getting the ASP.NET framework to generate valid
XHTML. My immediate problem surrounds user input in, for example, textbox
controls.
I consider characters such as less-than and ampersand perfectly valid in
user input. So I've disabled request validation by adding the following to my
web.config file.
<pages validateRequest="false" />
I have a simple page with an ASP.NET textbox and a submit button. I enter
the following test string the textbox control.
x < y && x > 0
I submit the page and allow it to simply re-render, which generates the
following HTML.
<input name="TextBox1" type="text" value="x < y && x > 0" id="TextBox1" />
This is not valid XHTML: the less-than and greater-than characters need to
be escaped.
Why is the framework escaping the ampersand but not the less-than and
greater-than characters?
I have tried to work around this by deriving from HtmlTextWriter and
overriding various methods so that I can HttpUtility.HtmlEncode() attribute
values, but the ampersand escaping appears to be hardcoded into the base
HtmlTextWriter: I always end up with double-escaping of the ampersands. e.g.
I get:
<input value="<" />
instead of what I want, which is
<input value="<" />
Futher, because the HtmlTextWriter allows control authors to generate
whatever output they want via calls to Write(string), I don't think I can
have any control over the generated HTML at all. For example, I can do the
following in a custom control.
protected override void Render(HtmlTextWriter writer)
{
writer.Write("<input value=\"");
writer.Write("whatever I want & < in here");
writer.Write("\" >");
}
So the HtmlTextWriter has absolutely no idea whether I'm hacking together an
element, attribute or what.
I'm left wondering if the only way I can get valid XHTML is to override
every single Render() method of every control I want to use!? In which case
I'm losing just about all of the benefit of using built-in / 3rd-party
controls in the first place. Can anyone see a better way?
Thanks,
- Lee