Web Forms :: HtmlEncode() And HtmlDecode() Not Working Correctly?
Dec 20, 2010
I have a url which I wish to encode that contains a couple of encrypted querystring parameters:
[URL]
I've been asked by a client I'm working with to html encode this url. I've used HttpUtility.HtmlEncode() to do this. This returned the following:
[URL]
This appears to be correct as the '&' has been replaced with '&'. However a problem arises when I try to use HttpUtility.HtmlDecode() on this new value as I get the following returned:
[URL]
What appears to have occurred is the '&' has had the 'amp' removed and the ';' has been html encoded (I checked the value of '%3b' and it corresponds with the html encoded value of a semi-colon). I'm not sure why this is happening?
I realise I could manually do a .Replace("%3b", "") as a temporary fix but I can't see this being a good long-term solution.
I have a text area and I want to store the text entered by user in database with html formatting like paragraph break, numbered list. I am using HTMLencode and HTMLdecode for this.Sample of my code is like this:
If user entered text with 2 paragraphs, str1 shows characters between paragraphs. but when it writes it to screen, just append 2nd paragraph with 1st. While I'm decoding it, why doesn't it print 2 paragraphs?
Trying to protect against XSS on a CMS I'm working and I therefore encode all necessary client input but on retrieval from DB, I'm getting all these funny HTML characters displayed on the HTML Page as a result of the encoding.
I'm considering appending a decode on retrieval but I'm wondering what the point of the inital encoding is if I decode eventually.
Please how do I effectively mitigate the XSS issue using the encode/decode avenue.
I have a simple file input field that utilizes a File.Copy routine to move the file from the local store to the server. This part of the application works fine in staging but in production I had to establish a work around in order to get it to work. I have the users do a Save As on the file they want to upload and then slightly change the name of the file and then it will upload. I do not have to do this in staging with the same file in order for it to work. I am racking my brain as to whether this is a permissions issue or code issue or what.
I've got a form with 3 drop down lists. If I choose a report on the Actions DDL, which displays a sql report as a pdf, then select an item in one of the other DDL's, the SelectedIndexChanged event for the Actions DDL is fired again. I can't get the other DDL's SelectedIndexChanged event to fire.
Private _theskin As String Public Property theskin() As String Get Return _theskin End Get Set(ByVal value As String) _theskin = String.Empty End Set End Property
I was then expecting to be able to access these properties from the default.aspx.vb page in this way;
If Master.theskin = foo Then do things End if
In the default.aspx.vb the code is highlighted with blue underline and says;
theskin is not a member of system.Web.Ui.Masterpage
Am I making an error somewhere along the line? Do I need to do more to be able to expose the properties to default.aspx.vb?
I have an AJAX enabled ASP.Net 3.5 app in which I have:
A Master PageA Web Content PageA User ControlMore precisely, there's a Placeholder control in the Web Content Page into which one of many User Controls are loaded (one at a time or none at all).
The basic User Control I'm working with has a bunch of Labels and one DropDown ListBox. The latter control is a date selector - ie. June 2010, May 2010, April 2010, etc. When the user changes the date, since AutoPostBack = true for the control, a PostBack occurs. But when this happens, the User Control disappears!
All I want is for a partial postback to occur so that I can use the new date to repopulate the various Label controls. I even put the Placerholder control in its own UpdatePanel but this didn't resolve anything - the User Control still disappeared.
I got a textbox in my form and I want to when a user start typing in the textbox the listbox below the textbox will select the item that starts with that string
for example, it i type I
than in myserver side code will call that SearchString method which will go through that listbox and do the rest...
I have a formview that displays user info from a dropdownlist. One account may have many users, but one account Primary. I am trying to disable the Edit/Delete button in the formview if the selected ID is the account primary. The problem I get is this.
Step 1: page_load - the primary user is displayed by default, but the delete button is enabled - not right
Step 2: I use the dropdownlist to select another user (not the primary) - everything's fine
Step 3: I then select the Primary User, the Delete Button is disabled - perfect
Step 4: select another user, delete button still disabled - Not right.
[Code]....
1. As you can see my sqlSelect Parameters are bound to the DropDownList.SelectedValue, but is t seems like my if statement for comparing selecteduser to varAdminID doesn't work except once.
So to help debug, i added a label control that displays the selected userID, but on page load the label is blank. but it displays the first record on the list anyway. so if this is the reason for not disabling the delete button on page load then why later does it not reable the button when the user is not the primary, and the UserID is displayed on the label and it is not the primary userid?
I know this may not be the place, but can anyone provide me with good cart32 support forums or something that people actually check on a daily basis like this forum?I have posted in the yahoogroups for cart32, i have asked for help from the host and cant get good help on this issue.Trying to work with Shipping Types and trying to handle from the code side doesnt work and from the cart configuration doesnt work as expected.. My original post on the other forum can be seen here: [URL]
I have added two update panels to my page. I'm trying to update the first panel but not the second. The second panel contains validation controls which seem to be kicking in no matter what I try.
I have used Server.HtmlEncode(MY TEXT) to display data,
I have setted the page property validateRequest="false" in .config file,
all this is working fine.since I have large application using hundreds of labels and text boxes to show data,
so, now it is almost impossible ( time consuming ) for me to place Server.HtmlEncode(MY TEXT) every where while setting data to them e.g. in label.text, textbox.text, etc
is there is any way to set the property some where and all the labels and text boxes automatically use Server.HtmlEncode() when i set there text
I am using a nested repeater to display users popsts and replies to the posts. The posts can be two different types, just a comment, or a comment with statistics. To display the stats column, I am building the data in the SQL like:
[Code]....
This displays Ride Time as HH:MM. I am bolding the header (RT) with the <strong> embedded in theSQL. If I bind the result into a gridview, where I can turn the HTML Encode property = false, the RT is bolded. Is there a way to accomplish this in a repeater?
For protect against XSS we should make all input from textboxes thoht Server.Htmlencode function.
1) If i let a input go thorgh Server.Htmlencode and save it in database. But what happen if i letter show this input data from database on browerser ...if database input data have <script> it will then make Xss!!!!.
2) I use Server.Htmlencode.. and the user write <b>ss<b>... (label.text = userinput.text;) and i WANT to show ss in browser. What shuld i do for make this happen ??
We are using gridview to display data and detailsview to show details, update, insert, and delete as needed. I am a bit confused on whether or not htmlencode and htmldecode is needed when storing data from detailsview. Gridviews always use boundfields and I think encoding and decoding is built in. For detailsview we use mostly templatefields (eval(), bind()), some boundfields, and some data is stored in codebehind using e.values[] or e.newvalues[].Here is where I've got the idea:http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.detailsview.itemupdated.aspxIf I use the iteration and htmlencode, detailsview read only mode displays decoded data. However, gridview displays encoded data and of course update mode of detailsview. So, it seems like detailsview using htmlencode and htmldecode somewhat, but I am not clear as to what degree and what would be the best way to handle it.
I have written a tiered application for a mate of mine to store and manage his massive CD collection. When I save the Album name I HTMLEnchode the input. I then use a drop down list on another page that pulls back all the Albums liked to a Specific artist but when i get the data back from my Object data source the data is still enchoded. At what point do i need to decode the data? Is it right at the begining in the DAL or in the actual drop down list.
we are experiencing big difficulties in the configuration of ASP.Net state service and II7. The service seems not working correctly because when the application pools recycles the applicatio loose the session.If we try the same configuration in IIS6 it works correcly.What is the correct way to configure the aspnet session state service in iis7?
I have been trying to create dynamic path for my css files to allow statrup application regardless of application path. I have srtange behavious with <%=
[Code]....
I believe above should generate app path, but it looks <%= is ignored and the code on my webside looks like this
[Code]....
When I move <%=Request.ApplicationPath%> outside href attribute or move whole link tag to body it works fine
I am trying to set up a POST from one aspx file to another progromatically. Inside the POST is a String of XML data which i have properly added to Server.HtmlEncode(). For some reason, when I grab it in my logs on the other page, it is showing with 3 question marks. I at first thought it was logging text i left somewhere, but have narrowed it down to a Encoding error of some sort because when i change the encoding it changes the character, and when I just put some text in there, i see it on the other side fine. i have tried UTF 8,UTF32,Unicode,ASCII... Can't seem to find the right combination. Can't find the UTF-16 when I use the Encoding object
Below is my Code:
[Code]....My Sending Debug log has the Extension xml coming out in HTML format correctly before POST. Below is just a piece of it[Code]....
I have this string test = HttpUtility.HtmlDecode("http://test.com/Folder1/Folder2/my%20view.aspx");When I look into test it still has %20 instead of a space. Why is it not decoding this?
I have a list of character that display fine in WebBrowser in the form of encoded characters such as € � ... But when posting these characters onto server to I realized that HttpUtility.HtmlDecode cannot convert them to characters as browser did, they all become space.
text = System.Web.HttpUtility.HtmlDecode("€");
I expect it to return € but it return space instead. The same thing happen for some other characters as well.
This stems from a recent similiar issue: I have since add edit capabilities.My access db is made up of imported records from recipes. In the memo fields are paragraphs users have typed replete with ingredients listed in succession (1 per line) then a normal paragraph follows. When in editmode(multi line textbox), suddenly in each line ends with <br>. How to fix this? I want to preserve the line breaks od course.
As the title of this post already mentioned, I'm using a modal popup window to edit rows in the gridview. One column in the gridview contains an URL code. When I fire the edit button a popup opens and show the URL in a textbox in this format: [URL]
When I am using the Server.HTMLDecode function, the modal popup doesn't close anymore.
I am using the following code:
[Code]....
The funny thing is, when I change it to: txtURL.Text = row.Cells[3].Text; then I can close the modal popup, but unfortunately it is not decoded.
