Re: Secure Database-Driven output to Web-Controls like Repeater

From: Eric Newton (ericnewton76_at_hotmail.com)
Date: 08/22/03


Date: Fri, 22 Aug 2003 03:37:47 -0400


Yeah, I guess the textboxes were designed from the start to be HTML proper,
i.e., if they have HTML in their Text property then it's HTMLEncoded so that
what is in the text is exactly what you see...

I would guess it'll always stay this way, but a simple boolean property
wouldn't hurt ;-)

-- 
Eric Newton
eric@ensoft-software.com
C#/ASP.net Solutions developer
"ViperDK (Daniel K.)" <ViperDK@gmx.net> wrote in message
news:bhk2bl$hge$01$1@news.t-online.com...
> no i want to store all data as it is. if someone writes stuff like "i like
> <i> tags" it should get 1:1 into the database and i want an easy way to
> verify in the output that it does get encoded.
>
> i usually use DataGrids with BoundColumns like
> <asp:BoundColumn DataField="Comment" HeaderText="Comment"></asp:BoundColumn>
>
> and yes i saw that the HtmlGenericControl has a property for the encoded and
> the raw content. i wonder why the TextBox WebControl hasn't that
> functionality. thought they should be first choice.
>
> "Eric Newton" <ericnewton76@hotmail.com> wrote in message
> news:#ddq561YDHA.2236@TK2MSFTNGP10.phx.gbl...
> > Well, before I can offer a solution I need a few pointers:
> >
> > - are you intending to store the actual html in the database?
> > - you said you don't care about JS/HTML that can destroy layout, which makes
> > things easier
> >
> > unless I'm mistaken I don't believe the "BoundColumns" in DataGrids change
> > the valid HTML to be Encoded HTML,
> > and since the repeater utilizes templates, then you are in better control.
> >
> > In your repeater template, are you using "<asp:label runat=server text='<%#
> > DataBinder.Eval... %>'>"? if so then the Text property is automatically HTML
> > encoded, try changing to using the HtmlControls, specifically the
> > HtmlGenericControl and setting the InnerHtml property, whereas this property
> > takes a string and outputs it verbatim.
> >
> > HTH
> >
> >
> > --
> > Eric Newton
> > eric@ensoft-software.com
> > C#/ASP.net Solutions developer
>
>
>
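
The approach asked about in this thread (store the comment exactly as entered, encode it only when it is written into the page), shown as an added example that is not code from either poster. It is a single .aspx page with inline C#; the control ids `CommentRepeater` and `CommentGrid`, the helper `Enc` and the sample rows are assumptions constructed for illustration, and the `BoundColumn` from the question is replaced by a `TemplateColumn` so the value passes through the encoder.

```csharp
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<script runat="server">
    // Constructed sample rows standing in for the database table.
    void Page_Load(object sender, EventArgs e)
    {
        DataTable t = new DataTable();
        t.Columns.Add("Comment", typeof(string));
        t.Rows.Add(new object[] { "i like <i> tags" });
        t.Rows.Add(new object[] { "5 < 6 & \"quoted\"" });
        t.Rows.Add(new object[] { DBNull.Value });   // NULL column value

        CommentRepeater.DataSource = t;
        CommentRepeater.DataBind();
        CommentGrid.DataSource = t;
        CommentGrid.DataBind();
    }

    // Hypothetical helper: encodes at output time, so the stored value
    // stays 1:1 as the user typed it. NULL/DBNull renders as empty text.
    string Enc(object value)
    {
        if (value == null || value == DBNull.Value) return String.Empty;
        return Server.HtmlEncode(value.ToString());
    }
</script>
<html><body><form runat="server">
<asp:Repeater id="CommentRepeater" runat="server">
  <ItemTemplate>
    <p><%# Enc(DataBinder.Eval(Container.DataItem, "Comment")) %></p>
  </ItemTemplate>
</asp:Repeater>
<asp:DataGrid id="CommentGrid" runat="server" AutoGenerateColumns="false">
  <Columns>
    <asp:TemplateColumn HeaderText="Comment">
      <ItemTemplate><%# Enc(DataBinder.Eval(Container.DataItem, "Comment")) %></ItemTemplate>
    </asp:TemplateColumn>
  </Columns>
</asp:DataGrid>
</form></body></html>
```

To verify the encoding, view the page source: the first row should appear as `i like &lt;i&gt; tags` in the markup while the browser displays the literal text.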

