I am doing this to replace whitespaces and line breaks. The whitespaces part works however the line break does not.
It works if I removed the tags < > from the br. The line breaks in that case does get replaced by 'br'
I am using Antixss and sanitize.GetSafeHtmlFragment?
Is that causing a problem?
This might work:
http://wpl.codeplex.com/workitem/14053
AntiXss.GetSafeHtmlFragment(strMessage.Replace(ControlChars.Lf.ToString(),"<br>"))
Where strMessage is the string with newlines you're calling AntiXss
on.
This might also help:
http://eksith.wordpress.com/2012/02/13/antixss-4-2-breaks-everything/
.NET AntiXSS with Multiline Textboxes
Maybe a little code....and a description of your current problem
Sounds like your doing this to a models field. In an edit or create view is this correct? if you are using texteditorfor(model => model.property) and the property is of type string then the line breaks will automatically be removed.
If it is a validation error due the HTML it should indicate that on the error page. If this is the case then in the model you must allow html with the [AllowHtml] attribute to the property. you must include system.mvc
I am trying to perform the following task in asp.net
Response.Redirect("/?confim&name=John%20Smith");
When this code is executed the url I see in the browser address is
"www.mysite.com/?confirm&name=John+Smith".
But what I want is "www.mysite.com/?confirm&name=John%20Smith".
I know that %20 and + are in place of a space and I know it would probably be better to have the name something like "John_Smith". But I am integrating with a third party piece of software etc, with old data and for legacy reasons it cant change.
I have tried this in another vanilla site and I don't receive the problem, so I cant help but wonder if its a global setting or something that I am missing or haven't heard of. Any help would be greatly appreciated
Thanks
Will
I don't think I understand what about the encoding you don't like---
The + is a reserved character. So even if you replace spaces with +, the + will be replaced with a % code. And " " should be replaced with %20 anyhow, and if it isn't you can use the HttpServerUtility.UrlEncode method. And if that doesn't already work, then try this hack:
string someUrlEncodedMyWay = "www.mysite.com/?confirm&name=John%20Smith";
Response.Write("<script type=\"text/javascript\">");
Response.Write("window.location = \"" + someUrlEncodedMyWay + "\"");
Response.Write("</script>");
And that will allow you to tell the browser to use a funky URL, but if the browser doesn't want to, you might end up with a different encoding of the spaces and special characters.
i'm using a little javascript in my website for my navigation bar, which is made up of a few ImageButton controls. in the code behind i have this:
Dim homeImage As String = GetLocalResourceObject("HomeImage")
imgBtnHome.Attributes.Add("OnMouseOver", HomeImage)
and in the resx file, i've tried these, but they don't work: (note the single and double quotes)
key: HomeImage value: "this.src='images/HomeImage.gif'"
key: HomeImage value: "this.src='images/HomeImage.gif'"
can anyone tell me what i'm doing wrong? is it even possible to read "quoted" text from a local resource file?
Yes, you can store quotes in a resx string value. If you look at the XML that's generated for a resource file, you'll see that the quotes are in the value entries.
However, your script isn't going to work with quotes around it. Think of it this way - say you wanted to pop up an alert box. You would do:
imgBtnHome.Attributes.Add("OnMouseOver", "alert('hi')")
NOT
imgBtnHome.Attributes.Add("OnMouseOver", """alert('hi')""");
You're passing in a string value for the script, not a quoted string value. Try removing the double quotes altogether, and leave the single quotes.
I am using the following code to add a series of calls to the body parameter of a page in asp.net:
uxBodyTag.Attributes["onbeforeunload"] +=
"ajaxRequest('UnlockQuery.ashx?QueryID=" + queryId.ToString() +
"&UserID=" + Session["UserID"].ToString() + "');";
This is being rendered as:
<body id="uxBodyTag" onbeforeunload=
"ajaxRequest('UnlockQuery.ashx?QueryID=176&UserID=11648');">
The & means my ashx page is not retrieving the correct variables - how can I stop asp.net from doing this?
EDIT:
Using
Server.UrlEncode
gives me the following:
<body id="uxBodyTag" onbeforeunload=
"ajaxRequest('UnlockQuery.ashx%3fQueryID%3d179%26UserID%3d11648')%3b">
Which is far worse.
In HTML the ampersand needs to be encoded, always, everywhere, also in attribute values (the contents of the <script> tag is the notable exception, obviously). ASP.NET does the right thing.
Attribute values will be unencoded by the browser before it actually uses them. So your onbeforeunload attribute has a literal value of:
ajaxRequest('UnlockQuery.ashx?QueryID=176&UserID=11648');
while the HTML representation needs to have the & in place of the &. The browser usually understands the ill-encoded version as well, but an SGML parser would complain about an unknown/invalid entity named &UserID.
The behaviour you are seeing with & encoded as & is the behaviour you want. By the time the text gets to your ajaxRequest function it will have been unencoded again and everything should be fine.
I'm in an ASP.NET UserControl. When I type Control-K, Control-D to reformat all the markup, I get a series of messages from VS 2008:
"Could not reformat the document. The original format was restored."
"Could not complete the action."
"The operation could not be completed. The parameter is incorrect."
Anybody know what causes this?
Edit: OK, that is just...weird.
The problem is here:
<asp:TableCell>
<asp:Button Text="Cancel" runat="server" ID="lnkCancel" CssClass="CellSingleItem" />
</asp:TableCell>
Somehow that asp:Button line is causing the problem. But if I delete any individual attribute, the formatting works. Or if I add a new attribute, the formatting works. Or if I change the tag to be non-self-closing, it works. But if I undo and leave it as-is, it doesn't work.
All I can figure is that this is some sort of really obscure, bizarre bug.
There's probably some malformed markup somewhere in your document. Have you tried it on a fresh document?
Did get the problem today.
My solution: Restart Visual Studio
Usually this sort of behavior is caused by invalid code. It may only be invalid HTML causing it which would still allow the program to be compiled.
For example, if tags are mismatched like this the IDE cannot reformat it.
<div><h1>My Title</div></h1
Check your warnings to see if there are any entries pointing towards mismatched or unclosed tags.
For me, it's usually as issue with whitespace. To fix it, I open Find and Replace (CTRL+H), set Look in to "Current Document", check Use and select "Regular expressions". For Find what I enter ":b|\n" (minus quotes), and for Replace with I enter a single space. Then I click Replace All.
The steps above will replace all whitespace—including line breaks—with a single space, and the next time you format the document, you shouldn't get any errors. That is assuming you don't have malformed HTML.
select the entire suspicious codes segments and use Ctrl+k,Ctrl+F to format only the selected segments instead of whole document .
this way you can find the exact place of problems specially not closed or inappropriate closed tags and fix them .
after all scanning segment by segment is done you can format the whole document for sure
My problem was an extra ". Look carefully the html.
I encountered this for the first time a few weeks ago. I found it was down to invalid HTML. I had to cut out sections of content and paste it back in a little at a time to track down the problem.
For me, I had some bogus characters in my markup code. I only found this out by copy and pasting all my text into Notepad. After that, I saw the bogus characters (showed up as little squares). I just deleted those lines and retyped them and now everything is ok.
I had an unwanted semi-colon. But you may have quote ('), double quote ("), semi-colon (;) or any special character.
So, editing my answer with more details and a screenshot because it still very active.
Go to that line by double clicking the error and search for the extra (unwanted) quote ('), double quote ("), semi-colon (;) or any special character. Remove it because it is causing the error.
Just to add some more information. This issue is caused due to some invalid markup in html.
It won't cause any blocking while running the application.
Unfortunately the solutions mentioned here did not work for me.
1. Restarting visual studio
2. Replacing spaces using regex etc
The best solution to fix the issue is to go to the specific line where the issue is caused and check that line for any invalid symbols like , or ". Just remove it and it will work fine.
My issue is extra " in the value of html attribute, After removing this it is working fine for me.