Last post Apr 21, 2010 09:57 PM by mikepetty21
Oct 14, 2009 11:32 AM|jgsnell|LINK
I'd like a property on all controls that display text, label, textbox, checkbox, etc.. that will automaticly HTML encode the text during the control's render. It'd be nice if this was defaulted to True.
Now I have to do a server.HTMLencode(string) on all my text fields and turn off pagevalidation otherwise I get the
a potentially dangerous request.form value was detected from the client
whenever people try entering in < and > symbols
Apr 21, 2010 09:57 PM|mikepetty21|LINK
In the Page_PreRender event you could call a method that iterates through all of the controls on your page. Whenever it encounters one that needs to be html encoded, it could HtmlEncode its value.
A code example is below. The method HtmlEncodeControls is recursive, so it'll iterate through all of the controls on the page. I've noticed that the value of a TextBox web control does not need to be Html encoded. However, the Label control does. The
method HtmlEncodeControls will likely need to be modified to include other controls besides just labels.
protected void Page_PreRender(object sender, EventArgs e)
protected void HtmlEncodeControls(Page page)
Control control = (Control)page;
protected void HtmlEncodeControls(Control parentControl)
foreach (Control control in parentControl.Controls)
if (control is Label)
Label label = (Label)control;
label.Text = Server.HtmlEncode(label.Text);