I can't find this info anywhere. Probably because Google is ignoring the keywords. Is there a difference between using <%: and <%= in your aspx page? They seem interchangeable.
<%: %> is a new thing in ASP.NET MVC 2. It is the same as <%= Html.Encode("Text") %>. It is recommended to always use <%: %> unless you have some specific reason to not do so (for example, you are rendering data from some file or database that's already been encoded).
The difference is :
<%= "my <text>" %> will output my <text>, which is incorrect HTML
<%: "my <text>" %> will output my <text>, which is better
More details here
#ntcolonel is right on the money. Additionally, for cases where your data has already been encoded, provide it using anything implementing IHtmlString. This prevents double-encoding, and allows you to always use <%: %>.
I believe that ASP.NET 4 shops should gravitate toward enforcing <%: %> by policy.
Also, the new syntax is for ASP.NET 4 in general; not necessarily just MVC, which is great news for WebForms developers.
Related
I'm just wondering, the only difference I know is that the <%= symbols generates any possible html tags that's included with the string your planning to display, while <%: just display what the string exactly look like. If anyone can help me with this, I will greatly appreciate it.
Pretty good explanation from Scott Gu - New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)
Excerpt:
ASP.NET applications (especially those using ASP.NET MVC) often rely on using <%= %> code-nugget expressions to render output. Developers today often use the Server.HtmlEncode() or HttpUtility.Encode() helper methods within these expressions to HTML encode the output before it is rendered. This can be done using code like below:
<div>
<%= Server.HtmlEncode(Model.Content) %>
</div>
While this works fine, there are two downsides of it:
It is a little verbose
Developers often forget to call the Server.HtmlEncode method – and there is no easy way to verify its usage across an app
New <%: %> Code Nugget Syntax
With ASP.NET 4 we are introducing a new code expression syntax (<%: %>) that renders output like <%= %> blocks do – but which also automatically HTML encodes it before doing so. This eliminates the need to explicitly HTML encode content like we did in the example above. Instead, you can just write the more concise code below to accomplish the exact same thing:
<div>
<%: Model.Content %>
</div>
The two inline code tags are essentialy the same, the only difference being that <%: %> will automatically use encoding. So this:
<%: myText %>
is equivalent to this:
<%= Html.Encode(myText) %>
The former is recommended.
<%: is HtmlEncoded. Code Nuggets for asp.net
With ASP.NET 4 we are introducing a new code expression syntax (<%: %>) that renders output like <%= %> blocks do – but which also automatically HTML encodes it before doing so.
From Scott Gu blog:
With ASP.NET 4 we are introducing a new code expression syntax (<%:
%>) that renders output like <%= %> blocks do – but which also
automatically HTML encodes it before doing so. This eliminates the
need to explicitly HTML encode content like we did in the example
above. Instead, you can just write the more concise code below to
accomplish the exact same thing:
http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx
Since .NET 4 its possible to use the <%: %> syntax for HTML Encoding of text.
In a repeater I use the following syntax to display data
<%# DataBinder.Eval(Container.DataItem, "fieldlabel")%>
The only way I know of to encode the output in the repeater is by using "Server.HtmlDecode". Is it possible to use the new <%: %> in a repeater just in combination with databinding so that I can remove the ugly HtlmDecode syntax. Or is an extention method my only option to improved the readability?
As of ASP.NET 4.5 this is possible using the new <%#: %> notation
No it is not possible. The <%# is allowing the evaulation of binding data but it use the basic <% block.
The only thing you can do is recreate the <%: by wrapping your code in Html.Encode.
Eg:
<%# Html.Encode(DataBinder.Eval(Container.DataItem, "fieldlabel")) %>
The <%: is a shortcut and I guess not every variation of the use of the blocks has been captured to include a shortbut. MS probably didn't want to complicate the issue by creating a ton of different symbols to capture the various uses and only support the most common use.
I think the answer is no, based on this question.
Meaning of the various symbols in .aspx page of asp.net
It is possible but need to work more:
Please use below syntax
<asp:Literal ID="fieldlabel" runat="server" Mode="Encode" Text='<%#Eval("fieldlabel")%>"></asp:Literal>
It seems I am missing something. But ever since .Net 4.0 came out I have been seeing reference to <%: %> syntax for ASP.NET. It seems like it is similar to <%= %> but clearly there is a reason for the new syntax. I tried google but searching <%: %> doesn't seem to return anything. What does the <%: %> syntax do? Was it introduced in .Net 4.0 or 3.5? Can someone enlighten me?
Edited: Please provide reference or examples
i believe the <%: %> is auto HtmlEncoding
this post from Scott Gu will help to explain - it was introduced in .net 4 and MVC2
http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx
: does html encoding.
Scott Guthrie has a nice post describing it in detail.
Don't use this where it is already encoded otherwise it will double encoded it. This is useful if you want to output things like HTML, though.
I have maybe very very Simple Question:
Where i can find documentation about expressions and syntax of WebForms view engine?
And what is the difference between
<%: expression %>
and
<%= expression %>
?
in advance thanks for reply
<%: expression %> renders the content with HTML encoding, whereas <%= expression %> renders it as is.
See Scott Guthrie's post New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2) for more info.
i ve got it:
http://msdn.microsoft.com/en-us/library/fy30at8h(VS.71).aspx
I should know this by now, but I don't, and for some reason, I am not finding the answer on Google, so I thought I'd try here.
I know that <%= %> is the equivalent of Response.Write()
And I've seen <%# %> for databinding.
However, today I noticed something new, and even though I can see what it's doing, I am looking for the official documentation on this. In one of my web pages, I see
ConnectionString="<%$ ConnectionStrings:SomeConnectionString %>"
So what does <%$ %> do?
See this question:
In ASP.Net, what is the difference between <%= and <%#
In summary ,there are a several different 'bee-stings':
<%# - Page/Control/Import/Register directive
<%$ - Resource access and Expression building
<%= - Explicit output to page, equivalent to <% Response.Write( ) %>
<%# - Data Binding. It can only used where databinding is supported, or at the page level if you call Page.DataBind() in your code-behind.
<%-- - Server-side comment block
<%: - Equivalent to <%=, but it also HTMLEncode()s the output.
Used for expressions, not code; often seen with DataSources
http://msdn.microsoft.com/en-us/library/d5bd1tad.aspx
It's markup used to evaluate expressions rather than code.