I've recently upgraded a client's web site to .NET 4 and we've found out during the process that now GridView column values are automatically HTML encoded.
They have wide use of HTML strings in their code so we must turn that off. I know one solution would go over each column and add HtmlEncode="false". My question is - is there a way to set this to be the default for all GridView columns in this application?
Thanks!
I found this solution to solve this problem.
protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
for (int i = 0; i < e.Row.Cells.Count; i++)
{
string encoded = e.Row.Cells[i].Text;
e.Row.Cells[i].Text = Context.Server.HtmlDecode(encoded);
}
}
}
I don't think there is any way to do it by default as this was put in as a safety measure by default so that developers would need to consider turning it off.
To get around it you would need to turn it off column by column or you could inherit a new control from GridView and make it set each column be default to false. You could then just do a search and replace for GridView with your new control. I wouldn't recommend this method though.
Best would be to interrogate each column in the application and turn it off. It's safer and it makes you actually consider where you want to open the door for the possibility of HTML / javascript injection. Better safe than sorry.
You can also create a class that extends GridView to do this
[ToolboxData("<{0}:DecodedGridView runat='server'>")]
public class DecodedGridView : GridView
{
protected override void Render(HtmlTextWriter writer)
{
for (var i = 0; i < Rows.Count; i++)
{
for (var j = 0; j < Rows[i].Cells.Count; j++)
{
if (Rows[i].RowType == DataControlRowType.DataRow
&& !(((DataControlFieldCell)Rows[i].Cells[j]).ContainingField is CommandField))
{
var encoded = Rows[i].Cells[j].Text;
Rows[i].Cells[j].Text = Context.Server.HtmlDecode(encoded);
}
}
}
base.Render(writer);
}
}
You can then just change the GridViews to this where you want to have HTML encode removed.
Just declare the Assembly in a similar fashion:
<%# Register TagPrefix="MyUI" Namespace="MyProject.UI" Assembly="MyProject" %>
Then call the GridView like so:
<MyUI:DecodedGridView ID="MyTableWithHtml" runat="server">
<!-- All the normal GridView stuff -->
</MyUI:DecodedGridView>
Related
I want to dynamically create buttons for each cell in a table, which works fine. The problem is that i now want to assign them server side click events, like this:
Button b = new Button();
b.Text = "Delete";
b.CssClass = "btnDelete";
b.Click += new EventHandler(this.deletePictures_Click);
While this would be my deletePictures_Click:
private void deletePictures_Click(object sender, EventArgs e)
{
test.Text = "hi";
}
But it won't fire. I did quite some research but couldn't find anything that helped me, yet. Do you guys know what's wrong?
Thanks in advance!
Edit:
Here's the rendered HTML
<td class="resultCell">
<img class="resultpicture" src="photos/DSC_101.jpg">
<input name="ctl00$cphContentBox$ctl02" value="Delete" class="btnDelete" type="submit"></td>
Edit:
I saved all the buttons in a List and then in the Session. In the OnInit I iterated the List, assigning the Button.OnClientClick to each of them. But the event still won't fire! Here's the code:
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
if (Session["buttons"] != null)
{
buttons = (List<Button>)Session["buttons"];
for (int i = 0; i < buttons.Count; i++)
{
buttons[i].OnClientClick += new EventHandler(deletePictures_Click);
}
}
}
The easy idea is to use a grid-view instead a table.
In the above problem you need to recreate you element on pre_init evetn.
Here is a good link
http://social.msdn.microsoft.com/Forums/en-US/dbc12b8c-8796-4800-a45f-57f24b8ef72b/dynamically-created-button-event-is-not-working
you need to create an array of objects (i think a collection of them), then cycle them with a foreach construct
at school i did it in java, printing buttons in a table with foreach and collections
I am trying to find all asp:Image controls in the vb.net code behind to dynamically set the ImageUrl to the same image file. This I can do seperately for each control, but writing 10+
imgQuestion.ImageUrl = cdn.Uri.ToString & "images/question.png" lines seems a little silly. I do not need to skip any image controls - every single one on the page will be changed. Is there any way to identify all of them without specifying each ID?
The IDs are not all named something similar, such as "Image1", "Image2" but rather "PaymentNote", "search", etc so I cannot loop through all the numbers with something like FindControl("Image" & controlNumber)
Is there another way to do this? I'd prefer to keep the image control IDs as something meaningful.
You can recursively use FindControl, starting from the Page and for each control check if it's an <asp:Image...
My own preferred language of choice is C#, so I won't be able to show a VB example. But here's a C# example:
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
ChangeImageUrls(Page);
}
private void ChangeImageUrls(Control ctrl)
{
foreach (Control subCtrl in ctrl.Controls)
{
if (subCtrl is Image)
{
((Image)subCtrl).ImageUrl = "...";
}
if (subCtrl.HasControls())
ChangeImageUrls(subCtrl);
}
}
}
I have an ASP.NET Web Site with custom made themes. These themes are invoked using a BasePage that every page inherits, where the masterpagefile is set dynamically.
I want to add a tracking script to every page, but I don't want to include a <%= TrackingScript %> on every theme masterpage.
I want to do it programmatically from the BasePage.
RegisterStartupScript won't work, because not every page contains a form runat="server"...
I'm running out of ideas, so I tought someine in here had an answer?
I have a solution here, but it's not one that I would recommend very strongly. It's got the same built in brittleness as developers forgetting to put in a block of script tags, or making them remember to put "body runat=server", or other such techniques, but it's slightly less likely that they'll forget a "" tag.
Basically, you can iterate the literal tags in the page during PreRender, find the closing body tag, and insert your script before it. But again, if your master page developers forget a /body tag, it won't work. You could beef it up to also look for /html or at the very worst, just simply do a Page.Controls.Add() to make it appear after everything, but that's not valid html.
Here's the code (adapted from a quick example I found here):
public void Page_PreRender(object sender, EventArgs e)
{
int x = -1;
var control = FindBodyTag(this, out x);
this.Page.Controls.AddAt(x, new LiteralControl("test"));
}
public LiteralControl FindBodyTag(Control parentCtl, out int ctlPos)
{
LiteralControl bodyTag = null;
ctlPos = -1;
for (int i = 0; i < parentCtl.Controls.Count; i++)
{
var currentCtl = parentCtl.Controls[i];
if (currentCtl is LiteralControl)
{
int iPos = (currentCtl as LiteralControl).Text.ToLower().IndexOf("</body");
if (iPos > -1)
{
ctlPos = i;
break;
}
}
}
return bodyTag;
}
I would prefer a solution with a base masterpage class that exposed a BodyTag property that your Page could access and manipulate.
The Response.Filter property might be useful if you have inline code or other hindrances to modifying the Controls collection:
https://web.archive.org/web/20210510022033/https://aspnet.4guysfromrolla.com/articles/120308-1.aspx
Otherwise Page.Master.FindControl("placeHolder"), or use a BaseMasterPage that adds the control programmatically.
I have a GridView bound to a DataTable that I construct. Most columns in the table contain the raw HTML for a hypelinklink, and I would like that HTML to render as a link in the browser, but the GridView is automatically encoding the HTML, so it renders as markup.
How can I avoid this without explicitly adding HyperLink, or any other, columns?
Simply set the BoundColumn.HtmlEncode property to false:
<asp:BoundField DataField="HtmlLink" HtmlEncode="false" />
I am afraid that there is no easy way to disable HTML encoding of the contents in a GridView with AutoGenerateColumns= true. However, I can think of two workarounds that might solve the problem you are facing:
Option 1: Inherit the GridView class, override the Render method, loop through all cells, decode their contents, before executing the base method:
for (int i = 0; i < Rows.Count; i++)
{
for (int j = 0; j < Rows[i].Cells.Count; j++)
{
string encoded = Rows[i].Cells[j].Text;
Rows[i].Cells[j].Text = Context.Server.HtmlDecode(encoded);
}
}
Option 2: In a class inheriting from GridView or in the Page or Control using it, make your own inspection of the DataTable and create an explicit BoundColumn for each column:
foreach (DataColumn column in dataTable.Columns)
{
GridViewColumn boundColumn = new BoundColumn
{
DataSource = column.ColumnName,
HeaderText = column.ColumnName,
HtmlEncode = false
};
gridView.Columns.Add(boundColumn);
}
I was able to achieve this by using the solution that Jørn Schou-Rode provided, I modified a little bit to make it work from the RowDataBound Event of my Gridview.
protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
for (int j = 0; j < e.Row.Cells.Count; j++)
{
string encoded = e.Row.Cells[j].Text;
e.Row.Cells[j].Text = Context.Server.HtmlDecode(encoded);
}
}
}
Another way is to add something like the following to the RowDataBound event handler...
If e.Row.RowType = DataControlRowType.Header Then
For Each col As TableCell In e.Row.Cells
Dim encoded As String = col.Text
col.Text = Context.Server.HtmlDecode(encoded)
Next
End If
Use OnRowCreated
protected void gvFm_RowCreated(object sender, GridViewRowEventArgs e)
{
foreach (TableCell cell in e.Row.Cells)
{
BoundField fldRef = (BoundField)((DataControlFieldCell)cell).ContainingField;
switch (fldRef.DataField)
{
case "ColToHide":
fldRef.Visible = false;
break;
case "ColWithoutEncode":
fldRef.HtmlEncode = false;
break;
}
}
}
Well since the html for the link is in your db already, you could just output the html to a literal control.
<asp:TemplateField HeaderText="myLink" SortExpression="myLink">
<ItemTemplate>
<asp:Literal ID="litHyperLink" runat="server" Text='<%# Bind("myLink", "{0}") %>' />
</ItemTemplate>
</asp:TemplateField>
This should render your link as raw text allowing the browser to render it as the link you expect it to be.
Since all the answers seem to be in C# and the questions was not specific, I ran into this issue using ASP.Net and VB.Net and the accepted solution did not work for me in VB (though I imagine it does work in C#). Hopefully this helps anyone working with VB.Net in ASP who stumbles upon this as I have.
In VB.Net BoundColumn cannot be added to Gridview.Columns as it is not a System.Web.UI.WebControls.DataControlField so instead one must use a BoundField which is a DataControlField.
BoundColoumn also does not have an HtmlEncode property however BoundField does. Also, in VB.Net DataSource becomes DataField.
For Each dataCol As DataColumn In dv.Table.Columns
Dim boundCol As New BoundField With {
.DataField = dataCol.ColumnName,
.HeaderText = dataCol.ColumnName,
.HtmlEncode = False
}
gvResult.Columns.Add(boundCol)
Next
gvResult.DataSource = dv
gvResult.Databind()
Also note that you must explicitly set AutoGenerateColumns="False" or the GridView will still generate columns along with the columns added above.
You can use this code in RowDataBound event if you want to disable HTML encoding in all rows and columns.
protected void GV_Product_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
foreach (TableCell ObjTC in e.Row.Cells)
{
string decodedText = HttpUtility.HtmlDecode(ObjTC.Text);
ObjTC.Text = decodedText;
}
}
}
I have a page with a table of stuff and I need to allow the user to select rows to process. I've figured out how to add a column of check boxes to the table but I can't seem to figure out how to test if they are checked when the form is submitted. If they were static elements, I'd be able to just check do this.theCheckBox but they are programaticly generated.
Also I'm not very happy with how I'm attaching my data to them (by stuffing it in there ID property).
I'm not sure if it's relevant but I'm looking at a bit of a catch-22 as I need to known which of the checkboxes that were created last time around were checked before I can re-run the code that created them.
Edit:
I've found an almost solution. By setting the AutoPostBack property and the CheckedChanged event:
checkbox.AutoPostBack = false;
checkbox.CheckedChanged += new EventHandler(checkbox_CheckedChanged);
I can get code to be called on a post back for any check box that has changed. However this has two problems:
The call back is processed after (or during, I'm not sure) Page_Load where I need to use this information
The call back is not called for check boxes that were checked when the page loaded and still are.
Edit 2:
What I ended up doing was tagging all my ID's with a know prefix and stuffing this at the top of Form_Load:
foreach (string v in this.Request.Form.AllKeys)
{
if (v.StartsWith(Prefix))
{
var data = v.Substring(Prefix.Length);
}
}
everything else seems to run to late.
I'm going to assume you're using a DataList but this should work with and Control that can be templated. I'm also going to assume you're using DataBinding.
Code Front:
<asp:DataList ID="List" OnItemDataBound="List_ItemDataBound" runat="server">
<ItemTemplate>
<asp:CheckBox ID="DeleteMe" runat="server"/>
<a href="<%# DataBinder.Eval(Container, "DataItem.Url")%>" target="_blank">
<%# DataBinder.Eval(Container, "DataItem.Title")%></a>
</ItemTemplate>
</asp:DataList>
<asp:Button ID="DeleteListItem" runat="server" OnClick="DeleteListItem_Click" ></asp:Button>
Code Behind:
public partial class Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
LoadList();
}
protected void DeleteListItem_Click(object sender, EventArgs e)
{
foreach (DataListItem li in List.Items)
{
CheckBox delMe = (CheckBox)li.FindControl("DeleteMe");
if (delMe != null && delMe.Checked)
//Do Something
}
}
LoadList();
}
protected void LoadList()
{
DataTable dt = //Something...
List.DataSource = dt;
List.DataBind();
}
protected void List_ItemDataBound(object sender, DataListItemEventArgs e)
{
if (e.Item.ItemType == ListItemType.AlternatingItem || e.Item.ItemType == ListItemType.Item)
{
string id = DataBinder.Eval(e.Item.DataItem, "ID").ToString();
CheckBox delMe = (CheckBox)e.Item.FindControl("DeleteMe");
if (delMe != null)
delMe.Attributes.Add("value", id);
}
}
}
First, make sure that each Checkbox has an ID and that it's got the 'runat="server"' in the tag.
then use the FindControl() function to find it.
For example, if you're looping through all rows in a GridView..
foreach(GridViewRow r in Gridview1.Rows)
{
object cb = r.FindControl("MyCheckBoxId");
if(r != null)
{
CheckBox chk = (CheckBox)cb;
bool IsChecked = chk.Checked;
}
}
Postback data is restored between the InitComplete event and the PreLoad event. If your checkboxes are not created until later then the checkboxes will play "catch up" with their events and the data will be loaded into the control shortly after it is created.
If this is to late for you then you will have to do something like what you are already doing. That is you will have to access the post data before it is given to the control.
If you can save the UniqueId of each CheckBox that you create then can directly access the post data without having to given them a special prefix. You could do this by creating a list of strings which you save the ids in as you generate them and then saving them in the view state. Of course that requires the view state to be enabled and takes up more space in the viewstate.
foreach (string uniqueId in UniqueIds)
{
bool data = Convert.ToBoolean(Request.Form[uniqueId]);
//...
}
Your post is a little vague. It would help to see how you're adding controls to the table. Is it an ASP:Table or a regular HTML table (presumably with a runat="server" attribute since you've successfully added items to it)?
If you intend to let the user make a bunch of selections, then hit a "Submit" button, whereupon you'll process each row based on which row is checked, then you should not be handling the CheckChanged event. Otherwise, as you've noticed, you'll be causing a postback each time and it won't process any of the other checkboxes. So when you create the CheckBox do not set the eventhandler so it doesn't cause a postback.
In your submit button's eventhandler you would loop through each table row, cell, then determine whether the cell's children control contained a checkbox.
I would suggest not using a table. From what you're describing perhaps a GridView or DataList is a better option.
EDIT: here's a simple example to demonstrate. You should be able to get this working in a new project to test out.
Markup
<form id="form1" runat="server">
<div>
<table id="tbl" runat="server"></table>
<asp:Button ID="btnSubmit" runat="server" Text="Submit"
onclick="btnSubmit_Click" />
</div>
</form>
Code-behind
protected void Page_Load(object sender, EventArgs e)
{
for (int i = 0; i < 10; i++)
{
var row = new HtmlTableRow();
var cell = new HtmlTableCell();
cell.InnerText = "Row: " + i.ToString();
row.Cells.Add(cell);
cell = new HtmlTableCell();
CheckBox chk = new CheckBox() { ID = "chk" + i.ToString() };
cell.Controls.Add(chk);
row.Cells.Add(cell);
tbl.Rows.Add(row);
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
foreach (HtmlTableRow row in tbl.Rows)
{
foreach (HtmlTableCell cell in row.Cells)
{
foreach (Control c in cell.Controls)
{
if (c is CheckBox)
{
// do your processing here
CheckBox chk = c as CheckBox;
if (chk.Checked)
{
Response.Write(chk.ID + " was checked <br />");
}
}
}
}
}
}
What about using the CheckBoxList control? I have no Visual Studio open now, but as far as I remember it is a DataBound control, providing DataSource and DataBind() where you can provide a list at runtime. When the page does a postback you can traverse the list by calling something like myCheckBoxList.Items and check whether the current item is selected by calling ListItem.Selected method. This should work.
Add them in an override of the CreateChildControls method of the Page. Be sure to give them an ID! This way they get added to the control tree at the correct time.
IMHO The best way would be to use DataBound Templated Control though, i.e. something like a ListView (in .NET 3.5). then in pageload after postback traverse all items in the databound control and use item.FindControl to get at the actual checkbox.
What I ended up doing was tagging all my ID's with a know prefix and stuffing this at the top of Form_Load:
foreach (string v in this.Request.Form.AllKeys)
{
if (v.StartsWith(Prefix))
{
var data = v.Substring(Prefix.Length);
}
}
everything else seems to run to late.