When I use built-in controls in asp.net I can see many tab characters added at start of each line of the generated html output. Is it possible to 'turn of' these? I'd like to get rid of this waste.
For example when I use GridView control, it generates <table> tag which looks like this:
<div>
<table>
<tr>
<th>...</th>
</tr>
<tr>
<td>...</td>
</tr>
...
</table>
</div>
But I want to see this:
<div>
<table>
<tr>
<th>...</th>
</tr>
<tr>
<td>...</td>
</tr>
...
</table>
</div>
I wonder who designed this silly stuff. Although it is "just a few bytes", it sends many unneeded waste over internet if you look at it from a long time period point of view. (I understand that indentation makes it more readable, but still at least those inner <th> and <td> tags are a bit too much indented.)
Or do you think I am completely wrong? [Are those tabs important for The World?]
I wonder who designed this silly stuff
Microsoft Corporation.
Or do you think I am completely wrong?
I think you are completely wrong. HTML is to be read and interpreted by browsers. You, as a developer, could use developer tools such as FireBug to inspect the actual DOM tree in a nice way. Humans/users don't give a s..t about how your HTML is indented. They look at the final product rendered by the browser and this is what you should be focusing on. Actually in production in order to optimize bandwidth you should compress your HTML and remove all white-spaces. Could be done with custom response filters.
Personally, when I write a page (I use the Repeater control, so there's a bit of a difference), I always indent my HTML. Yes, even the content within the <th> and <td> tags.
I can understand your point (especially when we talk about using gzipped and minified copies of JavaScript libraries) when you're talking about a production application that's never debugged. However, without HTML indentation, it would be incredibly difficult for me to unwind problems in my layout or errors I made when I wrote CSS or HTML properties.
Related
My aspx file has lot's of components and has become difficult to work with when eg. adding new items because I can't see the start and end tags of where the new control must go (especially when adding containers).
I was wondering if there is a way to arrange the code with some kind of placeholder (all within the same file is fine) - something along the lines of the mockup below?
<abc:container>
<abc:pages>
<abc:page>
[Page1CodeGoesHere]
</abc:page>
<abc:page>
[Page2CodeGoesHere]
</abc:page>
</abc:pages>
</abc:container>
<Page1CodeGoesHere>
<table>
<tr>
<td>1</td>
<td>2</td>
<td>3</td>
</tr>
</table>
</Page1CodeGoesHere>
<Page2CodeGoesHere>
<table>
<tr>
<td>a</td>
<td>b</td>
<td>c</td>
</tr>
</table>
</Page2CodeGoesHere>
Use ASP.NET User Controls. It allow you to use code from separate files.
It seems you are looking for code-folding a-la #region support.
If yes, then Visual Studio 2013 Update 4 added support for #regions in HTML editor. You would use it like this:
<!-- #region Page1Code -->
..
<!-- #endregion -->
This will allow you to collapse-expand the regions as convenient to you.
Ref: http://blogs.msdn.com/b/webdev/archive/2014/10/16/announcing-new-web-features-in-visual-studio-2013-update-4-rc.aspx
Note 1:
This was voted against for in VS 2015, but was declined. So, #region support for HTML editor is here to stay it seems. Ref: https://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/6571662-do-not-introduce-the-curse-of-regions-to-html
Note 2:
Nothing beats modular approach. Keep your pages small, clean and simple.
How do i remove a new line from the start of a string?
what's happening is that i've been controlling and debugging someone else's php code, and converting it into asp. what he did was put html tags in a db table, and simply echoing them. ex, a field contains html table tags like <thead>,<tbody>,<tr>, etc. i didn't want to continue the wrong doing so what i did was to control them by first turning <tr>s into <br />s, and removing everything else. but problem is that the first <tr> makes a new line in the very start of the string. i want to remove it. another problem is that not all fields has htmlt tags inside, so i have to put something like if text.substring(0,1)="(idk what to put here)" then (maybe the replace or trim functions here). any help please?
here's a sample field content. pretty nasty indeed:
<table width="705" height="323" id="gradient-style" summary="Meeting Results">
<thead>
<tr>
<td width="238">Product</td>
<td width="610">TS2360 Tape<br />
Drive Express</td>
</tr>
</thead>
<tbody>
<tr>
<td>Machine/model, HVEC</td>
<td>3580<br />
S63, 3580S6X</td>
</tr>
<tr>
<td>Product strengths</td>
<td>Multi O/S<br />
Encryption & media<br />
partition capable<br />
LTFS support</td>
</tr>
</tbody>
</table>
so after making <tr>s into <br>s and removing other html tags, output beacame:
Product TS2360 Tape Drive Express
Give background color to the table cells to achieve seamless transition
Machine/model, HVEC 3580 S63, 3580S6X
Product strengths Multi O/S Encryption & media partition capable LTFS support
(supposedly skipping a line before "Product" because it has <tr> before it, but didn't show in the block quote)
Thanks in advance.
var cleanedFieldValue = someValueWithLineBreaks.TrimStart( '\n' );
The VB.NET version might look like:
Dim cleanedFieldValue = someValueWithLineBreaks.TrimStart(ControlChars.Lf)
Edit
It sounds as if you are trying to parse some Html and then do work on it. I would recommend using the Html Agility Pack for that and read about the evils of attempting to use RegEx to parse your Html.
Man, I never really learnt all the embedded code blocks and stuff you can use in ASP.NET. What I'm trying to do is the following:
I have a repeater
It renders a table
In each row, I need to add a data-bind attribute (yes, for Knockout) containing some text and the rowindex.
More specifically, I want to render:
<table>
<tr data-bind="with:myItems()[0]">
...
</tr>
<tr data-bind="with:myItems()[1]">
...
</tr>
<tr data-bind="with:myItems()[2]">
...
</tr>
</table>
I've tried:
data-bind="<%# String.Format("myItems()[{0}]", Container.ItemIndex) %>"
But that doesn't work (data-bind="<%# Container.ItemIndex %> will however. So I'm trying to combine code with information from the databound item.
I know there is a foreach binding in Knockout, but I can't use it because:
I want/need my HTML to be constructed server-side initially
There's other, specific javascript that needs the HTML to exist already so I can't let Knockout populate the table
I'm using an ASP.NET Repeater, which doesn't mix well with Knockout's templates.
I also know, I could just do this in code-behind (with <tr runat="server" ... >) but I'm trying to put all my layout and javascript in markup and js files, not in C# code.
So, can I, in some way, add code in my markup to combine text I choose, with info from the current databound item?
Bummer, apparently, the answer is dead simple, and it didn't work the first time because of another mistake I made:
<tr data-bind="with: myItems()[<%# Container.ItemIndex %>]">
I put more info on my Blog and a working example on GitHub.
I have been told to find a fix to Cross Site Scripting (XSS) in some of my bank old .asp pages.
I did some research on the subject, but I didn't find an answer to my problem. It's the first time I heard about XSS and the first time I am looking at ASP (although the page has nothing but HTML) and I haven't been into web design for about 2 years now, so I am very very rusty.
So for example, I have this form
<form method="POST" id="CH" name="CH" action="http://some_url/some.asp">
<input type="hidden" name="srv" value="1" ID="srv"/>
<TABLE border="0" cellpadding="0" cellspacing="0" width="100%" align="center">
<TR valign="top">
<TR>
<TD align="center">Input something here
<input name="input_something" type="text" class="field-no-fit" maxlength="12" value="">
</TD>
</TR>
</TR>
</TABLE>
</form>
If I manually input the URL (which contains this form) as
http://this_url/this.asp?1=%22%3E%3Cscript%3Ealert%28HelloWorld%29%3C/script%3E%3Cimg%20alt=%22%22%20src=%22
the page will load and then it will throw a javascript alert and display an error image.
My goal is to stop scripts from running when opening the page.
I read about Server.HTMLEncode but can't find a way to use it to stop the script from running at page load.
Thanks in advance!
EDIT: Will I be able, at least partially, to work around it if I replace the input's value with:
"<%= Server.HTMLEncode(Request("input_something"))%>"
I cannot test it, since, currently, I have no access to IE6, and all the other browsers (including IE>6 versions) avoid the error (already disabled XSS Filter in the Security tab, but it does not work)
i do not think that has anything to do with the browser?
you obviously write the content of a querystring parameter directly on your page like so:
<%=Request.QueryString("1")%>
that is bad.
as you already have found out you should use
server.htmlencode( Request.QueryString("1") )
everywhere on your pages where you write user input directly on the page.
that should do the trick
also have a look here
(I do not know much about ASP) You may be able get an easy fix by enabling ASP request validation. As with any behaviour changes, a number of things can break on other pages (although this would be surprising), so test the the change first. See Step 1 in http://msdn.microsoft.com/en-us/library/bb355989.aspx
Your server is filling in all tags on the page, including the hidden "srv" input, from URL parameters, with no filtering for HTML tags, which then get pasted into the page. You can limit this form to respond to POST only, not GET method, then your example attack will not work. This is probably the easiest and most harmless fix.
Finally, look if you can set cookie attribute for whatever cookie is used to track sessions to HTTPOnly.
A very long read on all possible measures you can use is at http://msdn.microsoft.com/en-us/library/ms998274.aspx
I'm stumped by a seemingly simple problem. In my ASP.NET page, I have a table which has a few rows that need to be shown or hidden conditionally from the back end. Sounds simple, right?
What I tried is something like this in the front-end code:
<table>
<tr>
<td id="demorow1">
<p>This row always shows up!</p>
</td>
</tr>
<tr id="conditionalrow" runat="server">
<td id="formoptionsrow">
<!-- This row contains a number of form elements that should only SOMETIMES be shown, as determined by the back-end code. -->
</td>
</tr>
</table>
And in the code-behind file I just do this to hide the code:
conditionalrow.Style["display"] = "none";
This makes the row disappear as intended. I don't mind that it's just invisible, it won't hurt anything. However, this has the side-effect of making several HTML form elements inside of conditionalrow gain ASP.NET's convoluted IDs and NAMEs. This throws off a lot of Javascript functions related to the form that I don't have time to change or rework right now. I need to be able to hide the form (or remove it from the code entirely) from the code behind file, but without changing the IDs and NAMEs of child elements.
I know there's some kind of setting in the newer versions of ASP.NET that allows you to override ASP.NET's ID reassignment. Unfortunately, I'm stuck with ASP.NET 2.0 and don't have the option of using anything newer for this project. What do you recommend?
Instead of making the row a server side control, use a code block to give it an appropriate CSS class.
<tr class="<%:VisibilityClass%>">
Where, in your code behind you have a VisibilityClass string property that return the CSS class name:
public string VisibilityClass
{
get
{
if(shouldBeVisible)
return "visible";
return "hidden";
}
}
You can also use functions if a property is not appropriate.
can you not do a conditionalrow.Visible = false;