Search Results

Search found 72 results on 3 pages for 'htmlencode'.

Page 2/3 | < Previous Page | 1 2 3  | Next Page >

  • The name 'GridView1' does not exist in the current context

    - by sameer
    hi all, I have two files named as TimeSheet.aspx.cs and TimSheet.aspx ,code of the file are given below for your reference. when i build the application im getting error "The name 'GridView1' does not exist in the current context" even thought i have a control with the id GridView1 and i have added the runat="server" as well. Im not able to figure out what is causing this issue.Can any one figure whats happen here. Thanks & Regards, ======================================= TimeSheet.aspx.cs ======================================= #region Using directives using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using TSMS.Web.UI; #endregion public partial class TimeSheets: Page { protected void Page_Load(object sender, EventArgs e) { FormUtil.RedirectAfterUpdate(GridView1, "TimeSheets.aspx?page={0}"); FormUtil.SetPageIndex(GridView1, "page"); FormUtil.SetDefaultButton((Button)GridViewSearchPanel1.FindControl("cmdSearch")); } protected void GridView1_SelectedIndexChanged(object sender, EventArgs e) { string urlParams = string.Format("TimeSheetId={0}", GridView1.SelectedDataKey.Values[0]); Response.Redirect("TimeSheetsEdit.aspx?" + urlParams, true); } protected void GridView1_RowCommand(object sender, GridViewCommandEventArgs e) { } } ======================================================= TimeSheet.aspx ======================================================= <%@ Page Language="C#" Theme="Default" MasterPageFile="~/MasterPages/admin.master" AutoEventWireup="true" CodeFile="TimeSheets.aspx.cs" Inherits="TimeSheets" Title="TimeSheets List" %> <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder2" Runat="Server">Time Sheets List</asp:Content> <asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server"> <data:GridViewSearchPanel ID="GridViewSearchPanel1" runat="server" GridViewControlID="GridView1" PersistenceMethod="Session" /> <br /> <data:EntityGridView ID="GridView1" runat="server" AutoGenerateColumns="False" OnSelectedIndexChanged="GridView1_SelectedIndexChanged" DataSourceID="TimeSheetsDataSource" DataKeyNames="TimeSheetId" AllowMultiColumnSorting="false" DefaultSortColumnName="" DefaultSortDirection="Ascending" ExcelExportFileName="Export_TimeSheets.xls" onrowcommand="GridView1_RowCommand" > <Columns> <asp:CommandField ShowSelectButton="True" ShowEditButton="True" /> <asp:BoundField DataField="TimeSheetId" HeaderText="Time Sheet Id" SortExpression="[TimeSheetID]" ReadOnly="True" /> <asp:BoundField DataField="TimeSheetTitle" HeaderText="Time Sheet Title" SortExpression="[TimeSheetTitle]" /> <asp:BoundField DataField="StartDate" DataFormatString="{0:d}" HtmlEncode="False" HeaderText="Start Date" SortExpression="[StartDate]" /> <asp:BoundField DataField="EndDate" DataFormatString="{0:d}" HtmlEncode="False" HeaderText="End Date" SortExpression="[EndDate]" /> <asp:BoundField DataField="DateOfCreation" DataFormatString="{0:d}" HtmlEncode="False" HeaderText="Date Of Creation" SortExpression="[DateOfCreation]" /> <data:BoundRadioButtonField DataField="Locked" HeaderText="Locked" SortExpression="[Locked]" /> <asp:BoundField DataField="ReviewedBy" HeaderText="Reviewed By" SortExpression="[ReviewedBy]" /> <data:HyperLinkField HeaderText="Employee Id" DataNavigateUrlFormatString="EmployeesEdit.aspx?EmployeeId={0}" DataNavigateUrlFields="EmployeeId" DataContainer="EmployeeIdSource" DataTextField="LastName" /> </Columns> <EmptyDataTemplate> <b>No TimeSheets Found!</b> </EmptyDataTemplate> </data:EntityGridView> <asp:GridView ID="GridView2" runat="server"> </asp:GridView> <br /> <asp:Button runat="server" ID="btnTimeSheets" OnClientClick="javascript:location.href='TimeSheetsEdit.aspx'; return false;" Text="Add New"></asp:Button> <data:TimeSheetsDataSource ID="TimeSheetsDataSource" runat="server" SelectMethod="GetPaged" EnablePaging="True" EnableSorting="True" EnableDeepLoad="True" > <DeepLoadProperties Method="IncludeChildren" Recursive="False"> <Types> <data:TimeSheetsProperty Name="Employees"/> <%--<data:TimeSheetsProperty Name="TimeSheetDetailsCollection" />--%> </Types> </DeepLoadProperties> <Parameters> <data:CustomParameter Name="WhereClause" Value="" ConvertEmptyStringToNull="false" /> <data:CustomParameter Name="OrderByClause" Value="" ConvertEmptyStringToNull="false" /> <asp:ControlParameter Name="PageIndex" ControlID="GridView1" PropertyName="PageIndex" Type="Int32" /> <asp:ControlParameter Name="PageSize" ControlID="GridView1" PropertyName="PageSize" Type="Int32" /> <data:CustomParameter Name="RecordCount" Value="0" Type="Int32" /> </Parameters> </data:TimeSheetsDataSource> </asp:Content>

    Read the article

  • Decode HTML entities in android

    - by johboh
    Hi there. I need to decode HTML entities, e.g. from &#246; to ö, and &amp; to &. URLEncoder.decode(str) does not do the job (convert from % notations). TextUtils has a HTMLencode, but not a HTMLdecode. Are there any function for decoding HTML entities? Regards, Johan

    Read the article

  • Encoding Special Characters For Outlook HTML Email

    - by n0chi
    I have an asp.net / C# page which takes a comment, and then emails that comment. Sometimes when the user enters "&" in the comment, the comment is being truncated. So for example if the comment is "test & test" the email only sends out "test ". I have tried HttpUtility.HtmlEncode - but it looks like the issue is on the outlook side and not on the C# side.

    Read the article

  • URI encode and HTML encode

    - by Anil Namde
    If I have the xml/html data to post we need to encode the data to avoid the XSS validation. So should we use HTMLencode or URI encoding for this. If URI encoding is used will it cause issues as form POST automatically URI encode all the data before sending.

    Read the article

  • Javascript Injection and Sql Script injection

    - by Pranali Desai
    Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql Script injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

    Read the article

  • How to create a route that catch all pdf file?

    - by VinnyG
    I want to have my pdf files sent this way to my users : public ActionResult GetPDF( string filename ) { return File( filename, "application/pdf", Server.HtmlEncode( filename ) ); } But I don't know how to create a route that will catch all the different pdf file in my site? Thanks a lot for the help!

    Read the article

  • URI encode and HTML ecnode

    - by Anil Namde
    If i have the xml/html data to post we need to encode the data to avoid the XSS validation. So should we use HTMLencode or URI encoding for this. If URI encoding is used will it cause issues as form POST automatically URI encode all the data before sending.

    Read the article

  • Disadvantage of HttpUtility.HtmlAttributeEncode

    - by vinay_rockin
    I have to encode a field so to make it secure of script injection. I know I can use HttpUtility.HtmlEncode and Decode, but this method for HI-ASCII characters goes out of the range of the field size in database and I dont want to change the size of data field column. Instead if I use HttpUtility.HtmlAttributeEncode, it works fine because it does not encode the HI-ASCII characters. Is it safe what can be the disadvantages of it.

    Read the article

  • Do I only have to worry about XSS and Sql injection?

    - by Pranali Desai
    Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • Store and retrieve html from sql server 2008 and display using ASP.NET MVC?

    - by VJ
    Hi all I am trying to store html and hyperlinks in my sql server 2008 database. I want to also be able to display the hyperlinks and render the html accordingly. I am trying to do this in ASP.NET MVC so I tried using HTTPUtility.HtmlEncode() method but didnt really store it thw way I wanted. So can anyone please guide me through the steps i need to take to achieve this.

    Read the article

  • ASP.Net - How do I allow users to enter html tags in textbox without runtime errors?

    - by Coder
    I have an input textbox on an asp.net page and when a user inputs any tags like break tags or bold an error occurs. I currently am using the following to encode the input: Server.HtmlEncode(mytextbox.Text) However this only encodes characters when they aren't phrased as an html tag, like if the input is "<<<" is there a way for me to allow the user to put the tags in without it leading to a runtime error? Thanks.

    Read the article

  • Wishful Thinking: Why can't HTML fix Script Attacks at the Source?

    - by Rick Strahl
    The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as input for listings. The first line of defense of course is: Just say no to HTML input from users. If you don't allow HTML input directly and use HTML Encoding (HttyUtility.HtmlEncode() in .NET or using standard ASP.NET MVC output @Model.Content) you're fairly safe at least from the HTML input provided. Both WebForms and Razor support HtmlEncoded content, although Razor makes it the default. In Razor the default @ expression syntax:@Model.UserContent automatically produces HTML encoded content - you actually have to go out of your way to create raw HTML content (safe by default) using @Html.Raw() or the HtmlString class. In Web Forms (V4) you can use:<%: Model.UserContent %> or if you're using a version prior to 4.0:<%= HttpUtility.HtmlEncode(Model.UserContent) %> This works great as a hedge against embedded <script> tags and HTML markup as any HTML is turned into text that displays as HTML but doesn't render the HTML. But it turns any embedded HTML markup tags into plain text. If you need to display HTML in raw form with the markup tags rendering based on user input this approach is worthless. If you do accept HTML input and need to echo the rendered HTML input back, the task of cleaning up that HTML is a complex task. In the projects I work on, customers are frequently asking for the ability to post raw HTML quite frequently.  Almost every app that I've built where there's document content from users we start out with text only input - possibly using something like MarkDown - but inevitably users want to just post plain old HTML they created in some other rich editing application. See this a lot with realtors especially who often want to reuse their postings easily in multiple places. In my work this is a common problem I need to deal with and I've tried dozens of different methods from sanitizing, simple rejection of input to custom markup schemes none of which have ever felt comfortable to me. They work in a half assed, hacked together sort of way but I always live in fear of missing something vital which is *really easy to do*. My Wishlist Item: A <restricted> tag in HTML Let me dream here for a second on how to address this problem. It seems to me the easiest place where this can be fixed is: In the browser. Browsers are actually executing script code so they have a lot of control over the script code that resides in a page. What if there was a way to specify that you want to turn off script code for a block of HTML? The main issue when dealing with HTML raw input isn't that we as developers are unaware of the implications of user input, but the fact that we sometimes have to display raw HTML input the user provides. So the problem markup is usually isolated in only a very specific part of the document. So, what if we had a way to specify that in any given HTML block, no script code could execute by wrapping it into a tag that disables all script functionality in the browser? This would include <script> tags and any document script attributes like onclick, onfocus etc. and potentially also disallow things like iFrames that can potentially be scripted from the within the iFrame's target. I'd like to see something along these lines:<article> <restricted allowscripts="no" allowiframes="no"> <div>Some content</div> <script>alert('go ahead make my day, punk!");</script> <div onfocus="$.getJson('http://evilsite.com/')">more content</div> </restricted> </article> A tag like this would basically disallow all script code from firing from any HTML that's rendered within it. You'd use this only on code that you actually render from your data only and only if you are dealing with custom data. So something like this:<article> <restricted> @Html.Raw(Model.UserContent) </restricted> </article> For browsers this would actually be easy to intercept. They render the DOM and control loading and execution of scripts that are loaded through it. All the browser would have to do is suspend execution of <script> tags and not hookup any event handlers defined via markup in this block. Given all the crazy XSS attacks that exist and the prevalence of this problem this would go a long way towards preventing at least coded script attacks in the DOM. And it seems like a totally doable solution that wouldn't be very difficult to implement by vendors. There would also need to be some logic in the parser to not allow an </restricted> or <restricted> tag into the content as to short-circuit the rstricted section (per James Hart's comment). I'm sure there are other issues to consider as well that I didn't think of in my off-the-back-of-a-napkin concept here but the idea overall seems worth consideration I think. Without code running in a user supplied HTML block it'd be pretty hard to compromise a local HTML document and pass information like Cookies to a server. Or even send data to a server period. Short of an iFrame that can access the parent frame (which is another restriction that should be available on this <restricted> tag) that could potentially communicate back, there's not a lot a malicious site could do. The HTML could still 'phone home' via image links and href links potentially and basically say this site was accessed, but without the ability to run script code it would be pretty tough to pass along critical information to the server beyond that. Ahhhh… one can dream… Not holding my breath of course. The design by committee that is the W3C can't agree on anything in timeframes measured less than decades, but maybe this is one place where browser vendors can actually step up the pressure. This is something in their best interest to reduce the attack surface for vulnerabilities on their browser platforms significantly. Several people commented on Twitter today that there isn't enough discussion on issues like this that address serious needs in the web browser space. Realistically security has to be a number one concern with Web applications in general - there isn't a Web app out there that is not vulnerable. And yet nothing has been done to address these security issues even though there might be relatively easy solutions to make this happen. It'll take time, and it's probably not going to happen in our lifetime, but maybe this rambling thought sparks some ideas on how this sort of restriction can get into browsers in some way in the future.© Rick Strahl, West Wind Technologies, 2005-2012Posted in ASP.NET  HTML5  HTML  Security   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

    - by ScottGu
    [In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu] This is the nineteenth in a series of blog posts I’m doing on the upcoming VS 2010 and .NET 4 release. Today’s post covers a small, but very useful, new syntax feature being introduced with ASP.NET 4 – which is the ability to automatically HTML encode output within code nuggets.  This helps protect your applications and sites against cross-site script injection (XSS) and HTML injection attacks, and enables you to do so using a nice concise syntax. HTML Encoding Cross-site script injection (XSS) and HTML encoding attacks are two of the most common security issues that plague web-sites and applications.  They occur when hackers find a way to inject client-side script or HTML markup into web-pages that are then viewed by other visitors to a site.  This can be used to both vandalize a site, as well as enable hackers to run client-script code that steals cookie data and/or exploits a user’s identity on a site to do bad things. One way to help mitigate against cross-site scripting attacks is to make sure that rendered output is HTML encoded within a page.  This helps ensures that any content that might have been input/modified by an end-user cannot be output back onto a page containing tags like <script> or <img> elements.  ASP.NET applications (especially those using ASP.NET MVC) often rely on using <%= %> code-nugget expressions to render output.  Developers today often use the Server.HtmlEncode() or HttpUtility.Encode() helper methods within these expressions to HTML encode the output before it is rendered.  This can be done using code like below: While this works fine, there are two downsides of it: It is a little verbose Developers often forget to call the HtmlEncode method New <%: %> Code Nugget Syntax With ASP.NET 4 we are introducing a new code expression syntax (<%:  %>) that renders output like <%= %> blocks do – but which also automatically HTML encodes it before doing so.  This eliminates the need to explicitly HTML encode content like we did in the example above.  Instead you can just write the more concise code below to accomplish the same thing: We chose the <%: %> syntax so that it would be easy to quickly replace existing instances of <%= %> code blocks.  It also enables you to easily search your code-base for <%= %> elements to find and verify any cases where you are not using HTML encoding within your application to ensure that you have the correct behavior. Avoiding Double Encoding While HTML encoding content is often a good best practice, there are times when the content you are outputting is meant to be HTML or is already encoded – in which case you don’t want to HTML encode it again.  ASP.NET 4 introduces a new IHtmlString interface (along with a concrete implementation: HtmlString) that you can implement on types to indicate that its value is already properly encoded (or otherwise examined) for displaying as HTML, and that therefore the value should not be HTML-encoded again.  The <%: %> code-nugget syntax checks for the presence of the IHtmlString interface and will not HTML encode the output of the code expression if its value implements this interface.  This allows developers to avoid having to decide on a per-case basis whether to use <%= %> or <%: %> code-nuggets.  Instead you can always use <%: %> code nuggets, and then have any properties or data-types that are already HTML encoded implement the IHtmlString interface. Using ASP.NET MVC HTML Helper Methods with <%: %> For a practical example of where this HTML encoding escape mechanism is useful, consider scenarios where you use HTML helper methods with ASP.NET MVC.  These helper methods typically return HTML.  For example: the Html.TextBox() helper method returns markup like <input type=”text”/>.  With ASP.NET MVC 2 these helper methods now by default return HtmlString types – which indicates that the returned string content is safe for rendering and should not be encoded by <%: %> nuggets.  This allows you to use these methods within both <%= %> code nugget blocks: As well as within <%: %> code nugget blocks: In both cases above the HTML content returned from the helper method will be rendered to the client as HTML – and the <%: %> code nugget will avoid double-encoding it. This enables you to default to always using <%: %> code nuggets instead of <%= %> code blocks within your applications.  If you want to be really hardcore you can even create a build rule that searches your application looking for <%= %> usages and flags any cases it finds as an error to enforce that HTML encoding always takes place. Scaffolding ASP.NET MVC 2 Views When you use VS 2010 (or the free Visual Web Developer 2010 Express) you’ll find that the views that are scaffolded using the “Add View” dialog now by default always use <%: %> blocks when outputting any content.  For example, below I’ve scaffolded a simple “Edit” view for an article object.  Note the three usages of <%: %> code nuggets for the label, textbox, and validation message (all output with HTML helper methods): Summary The new <%: %> syntax provides a concise way to automatically HTML encode content and then render it as output.  It allows you to make your code a little less verbose, and to easily check/verify that you are always HTML encoding content throughout your site.  This can help protect your applications against cross-site script injection (XSS) and HTML injection attacks.  Hope this helps, Scott

    Read the article

  • ASP.NET TextBox TextChanged event not firing in custom EditorPart

    - by Ben Collins
    This is a classic sort of question, I suppose, but it seems that most people are interested in having the textbox cause a postback. I'm not. I just want the event to fire when a postback occurs. I have created a webpart with a custom editorpart. The editorpart renders with a textbox and a button. Clicking the button causes a dialog to open. When the dialog is closed, it sets the value of the textbox via javascript and then does __doPostBack using the ClientID of the editorpart. The postback happens, but the TextChanged event never fires, and I'm not sure if it's a problem with the way __doPostBack is invoked, or if it's because of the way I'm setting up the event handler, or something else. Here's what I think is the relevant portion of the code from the editorpart: protected override void CreateChildControls() { _txtListUrl = new TextBox(); _txtListUrl.ID = "targetSPList"; _txtListUrl.Style.Add(HtmlTextWriterStyle.Width, "60%"); _txtListUrl.ToolTip = "Select List"; _txtListUrl.CssClass = "ms-input"; _txtListUrl.Attributes.Add("readOnly", "true"); _txtListUrl.Attributes.Add("onChange", "__doPostBack('" + this.ClientID + "', '');"); _txtListUrl.Text = this.ListString; _btnListPicker = new HtmlInputButton(); _btnListPicker.Style.Add(HtmlTextWriterStyle.Width, "60%"); _btnListPicker.Attributes.Add("Title", "Select List"); _btnListPicker.ID = "browseListsSmtButton"; _btnListPicker.Attributes.Add("onClick", "mso_launchListSmtPicker()"); _btnListPicker.Value = "Select List"; this.AddConfigurationOption("News List", "Choose the list that serves as the data source.", new Control[] { _txtListUrl, _btnListPicker }); if (this.ShowViewSelection) { _txtListUrl.TextChanged += new EventHandler(_txtListUrl_TextChanged); _ddlViews = new DropDownList(); _ddlViews.ID = "_ddlViews"; this.AddConfigurationOption("View", _ddlViews); } } protected override void OnPreRender(EventArgs e) { ScriptLink.Register(this.Page, "PickerTreeDialog.js", true); string lastSelectedListId = string.Empty; if (!this.WebId.Equals(Guid.Empty) && !this.ListId.Equals(Guid.Empty)) { lastSelectedListId = SPHttpUtility.EcmaScriptStringLiteralEncode( string.Format("SPList:{0}?SPWeb:{1}:", this.ListId.ToString(), this.WebId.ToString())); } string script = "\r\n var lastSelectedListSmtPickerId = '" + lastSelectedListId + "';" + "\r\n function mso_launchListSmtPicker(){" + "\r\n if (!document.getElementById) return;" + "\r\n" + "\r\n var listTextBox = document.getElementById('" + SPHttpUtility.EcmaScriptStringLiteralEncode(_txtListUrl.ClientID) + "');" + "\r\n if (listTextBox == null) return;" + "\r\n" + "\r\n var serverUrl = '" + SPHttpUtility.EcmaScriptStringLiteralEncode(SPContext.Current.Web.ServerRelativeUrl) + "';" + "\r\n" + "\r\n var callback = function(results) {" + "\r\n if (results == null || results[1] == null || results[2] == null) return;" + "\r\n" + "\r\n lastSelectedListSmtPickerId = results[0];" + "\r\n var listUrl = '';" + "\r\n if (listUrl.substring(listUrl.length-1) != '/') listUrl = listUrl + '/';" + "\r\n if (results[1].charAt(0) == '/') results[1] = results[1].substring(1);" + "\r\n listUrl = listUrl + results[1];" + "\r\n if (listUrl.substring(listUrl.length-1) != '/') listUrl = listUrl + '/';" + "\r\n if (results[2].charAt(0) == '/') results[2] = results[2].substring(1);" + "\r\n listUrl = listUrl + results[2];" + "\r\n listTextBox.value = listUrl;" + "\r\n __doPostBack('" + this.ClientID + "','');" + "\r\n }" + "\r\n LaunchPickerTreeDialog('CbqPickerSelectListTitle','CbqPickerSelectListText','websLists','', serverUrl, lastSelectedListSmtPickerId,'','','/_layouts/images/smt_icon.gif','', callback);" + "\r\n }"; this.Page.ClientScript.RegisterClientScriptBlock(typeof(ListPickerEditorPart), "mso_launchListSmtPicker", script, true); if ((!string.IsNullOrEmpty(_txtListUrl.Text) && _ddlViews.Items.Count == 0) || _listSelectionChanged) { _ddlViews.Items.Clear(); if (!string.IsNullOrEmpty(_txtListUrl.Text)) { using (SPWeb web = SPContext.Current.Site.OpenWeb(this.WebId)) { foreach (SPView view in web.Lists[this.ListId].Views) { _ddlViews.Items.Add(new ListItem(view.Title, view.ID.ToString())); } } _ddlViews.Enabled = _ddlViews.Items.Count > 0; } else { _ddlViews.Enabled = false; } } base.OnPreRender(e); } void _txtListUrl_TextChanged(object sender, EventArgs e) { this.SetPropertiesFromChosenListString(_txtListUrl.Text); _listSelectionChanged = true; } Any ideas? Update: I forgot to mention these methods, which are called above: protected virtual void AddConfigurationOption(string title, Control inputControl) { this.AddConfigurationOption(title, null, inputControl); } protected virtual void AddConfigurationOption(string title, string description, Control inputControl) { this.AddConfigurationOption(title, description, new List<Control>(new Control[] { inputControl })); } protected virtual void AddConfigurationOption(string title, string description, IEnumerable<Control> inputControls) { HtmlGenericControl divSectionHead = new HtmlGenericControl("div"); divSectionHead.Attributes.Add("class", "UserSectionHead"); this.Controls.Add(divSectionHead); HtmlGenericControl labTitle = new HtmlGenericControl("label"); labTitle.InnerHtml = HttpUtility.HtmlEncode(title); divSectionHead.Controls.Add(labTitle); HtmlGenericControl divUserSectionBody = new HtmlGenericControl("div"); divUserSectionBody.Attributes.Add("class", "UserSectionBody"); this.Controls.Add(divUserSectionBody); HtmlGenericControl divUserControlGroup = new HtmlGenericControl("div"); divUserControlGroup.Attributes.Add("class", "UserControlGroup"); divUserSectionBody.Controls.Add(divUserControlGroup); if (!string.IsNullOrEmpty(description)) { HtmlGenericControl spnDescription = new HtmlGenericControl("div"); spnDescription.InnerHtml = HttpUtility.HtmlEncode(description); divUserControlGroup.Controls.Add(spnDescription); } foreach (Control inputControl in inputControls) { divUserControlGroup.Controls.Add(inputControl); } this.Controls.Add(divUserControlGroup); HtmlGenericControl divUserDottedLine = new HtmlGenericControl("div"); divUserDottedLine.Attributes.Add("class", "UserDottedLine"); divUserDottedLine.Style.Add(HtmlTextWriterStyle.Width, "100%"); this.Controls.Add(divUserDottedLine); }

    Read the article

  • SPWeb.Webs, Site vs SubSite

    - by noob.spt
    Hi, I have a very basic question here. I am confused between SPSite. SiteCollection and SPWeb. So my understanding is (or what I could research on this) that, http://My_server TOP Level SIte or SPWEbApplication http://My_server/My_site Site Collection or SPSite Now a site under SPSite that will be referenced through SPWeb. So what are we getting when using SPWeb.Webs. What is a Subsite? Please let me know if I need to rephrase the question or more info is needed. Thanks. SPWeb mySite = SPContext.Current.Web; SPWebCollection sites = mySite.Webs; foreach (SPWeb subSite in sites) { Response.Write(SPEncode.HtmlEncode(subSite.Title) + "<BR>"); }

    Read the article

  • Display PDF in Html

    - by anil
    Hi, i want to show PDF in a view in MVC, following function return file public ActionResult TakeoffPlans(string projID) { Highmark.BLL.Models.Project proj = GetProject(projID); List ff = proj.GetFiles(Project_Thin.Folders.CompletedTakeoff, false); ViewData["HasFile"] = "0"; if (ff != null && ff.Count 0 && ff.Where(p = p.FileExtension == "pdf").Count() 0) { ViewData["HasFile"] = "1"; } ViewData["ProjectID"] = projID; ViewData["Folder"] = Project_Thin.Folders.CompletedTakeoff; //return View("UcRenderPDF"); string fileName = Server.MapPath("~/Content/Project List Update 2.pdf"); return File(fileName, "application/pdf", Server.HtmlEncode(fileName)); } but it display some bad data in view, please help me on this

    Read the article

  • MOSS 2007 team site page title

    - by nav
    Hi, I'm trying to display the page title (html title) on the default.aspx page of a custom site template. The template is based on a MOSS team site template. All that displays is the URL of the page as the page title. Can I change the code in the default.aspx and/or the sites master page to define the title myself? Details of the deafult.aspx and default.master page as below: Thanks. Default.aspx: <asp:Content ContentPlaceHolderId="PlaceHolderPageTitle" runat="server"> <SharePoint:EncodedLiteral runat="server" text="<%$Resources:wss,multipages_homelink_text%>" EncodeMethod="HtmlEncode"/> - <SharePoint:ProjectProperty Property="Title" runat="server"/> </asp:Content> default.master <Title ID=onetidTitle><asp:ContentPlaceHolder id=PlaceHolderPageTitle runat="server"/></Title>

    Read the article

  • ASP.NET GridView issue with DataFormatString in a BoundField

    - by David
    I have a BoundField in a GridView whose datatype (in MSSQL) is time(7). The format is being displayed as: hh:mm:ss.xxxxxx I want to add a DataFormatString to this boundfield so that the field displays in the format: hh:mm:ss Here is a snippet of the .aspx file that I'm modifying: <asp:BoundField DataField="ProcTime" HeaderText="ProcTime" SortExpression="ProcTime" ApplyFormatInEditMode="true" HtmlEncode="true" DataFormatString="{0:F0}" /> I've tried many different format strings (t, T, d, D, m, etc) but it does not change the format of the boundfield. What am I missing?

    Read the article

  • How to By Pass Request Validation

    - by GIbboK
    Hi, I have a GridView and I need update some data inserting HTML CODE; I would need this data been stored encoded and decoded on request. I cannot in any way disable globally "Request Validation" and not even at Page Level, so I would need a solution to disable "Request Validation" at Control Level. At the moment I am using a script which should Html.Encode every value being update, butt seems that "Request Validation" start its job before event RowUpdating, so I get the Error "Page A potentially dangerous Request.Form ... ". Any idea how to solve it? Thanks protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e) { foreach (DictionaryEntry entry in e.NewValues) { e.NewValues[entry.Key] = Server.HtmlEncode(entry.Value.ToString()); } PS I USE Wweb Controls not MVC

    Read the article

  • Strip text of all formatting on paste

    - by griegs
    I have an application that allows the user to create an article. The problem arises when the user pastes from something like Word which comes loaded with a bunch of markup. I'm using a jQuery editor called tiny_mce which allows the markup. I do a htmlencode and decode obviously but it means that i carry a huge payload of markup. Is there a way to strip (all) markup from pasted text and just keep the text? Or is there a way that tiny_mce can show the markup as text?

    Read the article

  • Preventing cross-site scripting in ASP.NET MVC - using jQuery or standard HtmlHelpers

    - by user313353
    I am building an ASP.NET MVC application that is AJAX-driven. For some reason I need to add some DOM elements on the fly when clicking a submit button. This is accomplished with jQuery.append(). One element inserted is a textarea, whose the data must be parse before submitting to ensure that no cross-site scripting can be done. We know that the Html.Encode() works great but must be declared outside a script tag. All I have done with jQuery is embedded within a script tag. 1) Is there a way to take advantage of the Html.Encode() within a script tag? 2) How can I accomplish this with jQuery? At worst I can use HttpUtility.HtmlEncode(), which is called on the server-side. Thanks for your help. Roland

    Read the article

  • How do I convert from a possibly Windows 1252 'ANSI' encoded uploaded file to UTF8 in .NET?

    - by qqq123
    I've got a FileUpload control in an ASP.NET web page which is used to upload a file, the contents of which (in a stream) are processed in the C# code behind and output on the page later, using HtmlEncode. But, some of this output is becoming mangled, specifically the symbol '£' is output as the Unicode FFFD REPLACEMENT CHARACTER. I've tracked this down to the input file, which is Windows 1252 ('ANSI') encoded. The question is, How do I determine whether the file is encoded as 1252 or UTF8? It could be either, and How do I convert it to UTF8 if it is in Windows 1252, preserving the symbol £ etc? I've looked online but cannot find a satisfactory answer.

    Read the article

< Previous Page | 1 2 3  | Next Page >