I am looking to display this in my .aspx page, without using special character XML tags, can this be achieved?
<asp:ServerTag Property1="a"
Property2="b"
Property3="c" <%-- Comment why this particular property is necessary --%>
Property4="d" />
However, I am greeted with the error message Server tags cannot contain <% ... %> constructs. If I use an HTML <!-- --> tag, I'm told the server tag is not well formed.
Is there any other syntax to make this possible?
Put server-side comment above your server-side control.
<!-- client-side comment (html) - appears in html source but not rendered on page
<%-- server-side comment - stripped out on server, never sees light of day, browser never knows about it
like this
<%-- Usage:
Property2 is xyz...
Property3 will .. abc. Ignore Property 1 when this is set. etc
--%>
<asp:ServerTag Property1="a"
Property2="b"
Property3="c"
Property4="d" />
It's just like putting source code comments above your functions.
Think "server to server". It will make the difference between your HTML source looking like
cluttered with "pass through" html comment <!--:
<!-- Property usage: abc, def, ...xyz -->
Rendered server control contents.
vs. the cleaner stripped out " <%-- source:
Rendered server control contents.
Less bandwidth with latter too. No extraneous (and confusing to user) comments in HTML source.
It's not possible, no. The server tags need to be well-formed XML and you can't have tags like that in XML. You can put a comment at the top, of course, like so:
<!-- Property2 needed because... -->
<asp:ServerTag Property1="a" Property2="b" Property3="c" />
Not necessarily like that but you may want to consider decorating the property in c# to let the user know its relevance. After that something like resharper (or maybe vs) will give you this information when you try to set it.
Related
I have an aspx page and controls on it. For the purpose consuming it at client side javascript I would like to place attributes for my elements. I would like to do it all in the markup, not in code behind. It seems the placed attributes will be all lowercased at client side.
For example:
<asp:LinkButton ID="anyButton" runat="server" confirmationMessage='any message'...
will be rendered at client side as:
<a confirmationmessage='any message'...
Consequently I must use this casing all my javascript code. Not a big issue, but quite disturbing if you like strict naming conventions.
Thanks in advance
What is the difference between these types of comments in ASP.NET's ASPX markup page?
<%-- something here --%>
and the html comment
<!-- something here -->
The first you will only see in the ASPX and not the rendered HTML Page
The second will be rendered as part of the HTML
The first is a server side comment. It will stop the .NET code from executing.
The second is plain HTML comments. The .NET code inside the comments will still be executed on the server-side but the resulting markup will be commented out to the browser.
Scott Guthrie has a short but sweet blog post covering the differences a little more:
Tip/Trick: Using Server Side Comments with ASP.NET
The <% ... %> comment is a so called server-side comment (and will not be shown in the final output). <!-- ... --> is a regular HTML comment (and will be shown in the browser by viewing the source).
The key difference is that with
client-side comments it is the browser
which is ignoring the content within
them. Code/controls within
client-side comments will still be
executed on the server and sent down
to the browser. As such, if there is
a server error caused within them it
will block running the page.
Read more about the differences here: Using Server Side Comments with ASP.NET 2.0
the first one would not appear in the final HTML output.
the second one is how you comment in HTML and it will appear in the HTML output.
This is a server side comment and will not appear in the HTML markup:
<%-- something here --%>
This is an HTML comment and will appear in the HTML markup, as it is part of it:
<!-- something here -->
see here this error - http://validator.w3.org/check?verbose=1&uri=http%3A%2F%2Fwww.sitecore.net%2F
runat="server" is asp.net server control syntax. It must not come in html. It is interpreted by ASP.NET. you must remove this attribute.
Possible Reason for this:
1. I think the template is dynamically created. the developer make static site and cut copy paste on server side to make it dynamic but use control as response.write and forgot to remove runat="server" because it must be html content in response.write.
NOTE: No ASP.NET server control gives runat="server" in HTML. It is hardcoded in your code. remove this from both anchor and image tag.
Er... remove the attributes? They aren't valid HTML, and they're only meaningful when interpreted by ASP.NET.
Your pages should not be rendered with runat="server", so something's definitely going wrong here. What does the part of your aspx look like, that corresponds to one of the elements that is giving this validation error?
Can anyone explain what might be causing this error. Im thinking its the quotes.
Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerousRequest.Form value was detected from the client
(ctl00$ContentPlaceHolder1$DetailsView1$txtContent="...l economy.<br /><br />The
Prop...").
The contents of a control (probably a textbox) contains what ASP.net considers to be markup, eg:
<br /><br />
You can add ValidateRequest="false" to the Page directive in your .aspx file as follows:
<%# Page ........ ValidateRequest="false" ........ %>
As other answers noted, asp.net is doing this to try and protect you from potentially malicious input so make sure you're aware of the risk and encode/decode user data appropriately.
I think you can take a look at this A potentially dangerous Request.Form value was detected
Its the html "<br/>" tags.
Here's an article with a brief explanation . Also shows you how to work around it by turning off validation. Though I guess that would be a bit dangerous to just turn it off.
It actually should be
<br /><br />
it complains about.
That would be the '<' and '>'.
EDIT: It's assumed that including html entries in form responses is intended as an attack on the server on which the form resides. So, by default, any code that resembles html (i.e. includes '<' or '>') is automatically flagged as a problem.
One way to resolve this is to turn off this type of validation by setting validateRequest="false" in the Page directive for that page, but there are other (and better) ways to work around that.
Here's some information from Microsoft about this issue.
My idea: allow this exception to be thrown. Use Application_Error handler to write code, that redirects (using Response.Redirect - this is important, since this gives users’ browser ability to go back) user to a custom error page. On this page write some text explaining that users had incorrectly input some text. Something like:
"Dear user, you have entered some invalid text, like “<” or “.”. Please, enter text using only characters and numbers".
Put a link on that page, and this link can contain a javascript "back" command:
href="javascript: history.go(-1)"
Users after clicking suchlink will be redirected by their browsers to the previous page, where they can re-edit their input.
After trying to understand why client code is not rendered in a page (injected by user control) I found this link, it turns out you must have a form tag for it to work (Page.RegisterClientScriptBlock did declare this but ClientScriptManager.RegisterClientScriptBlock which I use does not say anything regarding this).
I am using Visual studio 2005.
Does anyone know if this has been solved?
Edit:
To clarify, I want my control to add javascript code to the head section of the page without having to use the
<form runat="server"
I have tried adding it using:
HtmlGenericControl x = new HtmlGenericControl("script");
x.InnerText = "alert('123');";
Page.Header.Controls.Add(x);
But this did not work for me.
As far as I know this functions the same in current versions, you can test it very simply though.
Update
per discussion in the comments, the only "workaround" that I could think of would be for your to manually insert the script into the "head" section of the page on your own, using a runat="server" declaration on the Head element.
Got it!
My mistake was not doing it in the OnPreRender method (I used the Render method).
Now all that is needed is - like Mitchel Sellers wrote, set the header to runat server and than add to it's controls:
HtmlGenericControl x = new HtmlGenericControl("script");
x.InnerText = GetScriptSection();
Page.Header.Controls.Add(x);
Thanks for pointing me to the right direction!
The MSDN Page for registerclientscriptblock here says:
The client-side script is emitted just
after the opening tag of the Page
object's <form runat= server> element.
The script block is emitted as the
object that renders the output is
defined, so you must include both tags
of the <script> element.
If you do not want to include a form, than you will basically need to build your own implementation of it.
Minor clarification for anyone seeing this:
The form tag must have the runat="server" attribute set, e.g.
<form id="theform" runat="server">
Just placing a regular HTML form tag in the page will not help.