How to deal with special characters in ASP.NET's HyperLink.NavigateUrl? - asp.net

I am currently having troubles figuring out how to handle a filepath to be (dynamicly) passed out to a HyperLink control's NavigateUrl property.
Let's say that I'm trying to refer to a file named jäynä.txt at the root of C:.
Passing "file:///C:/jäynä.txt" result to a link to file:///C:/jäynä.txt, as does HttpUtility.UrlPathEncode("file:///C:/jäynä.txt").
Replacing the ä**s with **%E4, which gives the string "file:///C:/j%E4yn%E4.txt", does give a working link to file:///C:/jäynä.txt, but I have not been able to find a way to make the replacement without defining it myself. With Replace("ä", "%E4"), for example.
Is there a way to automaticly handle the filepath string so that the HyperLink would display it correctly, without manualy listing what characters to replace in the string?
Additional Note:
There may be a way to work around this by spesifying the character encoding in which the page is rendered, because debugging shows that the HyperLink at least saves the string "file:///C:/jäynä.txt" unchanged, but somehow mangles it around the time of rendering.
However, this seems only be the case in rendering of the NavigateUrl because other components as well as HyperLink's Text-property are all quite capable of rendering the character ä unchanged.

The NavigateUrl property of a Hyperlink will encode unicode chars in the url.
Instead you can set the href attribute property of the Hyperlink like this:
hyperlink1.Attribute("href") = "file:///C:/jäynä.txt"

This is due to how the browser starts to interpret the path, typically individuals will avoid using characters such as that in the urls of pages.
In your case, I believe you have struck upon the best case scenario, as I am not aware of any way to change the behavior of HttpUtility and/or the NavigateUrl property. At least not without creating a custom control for it.

Don't use HyperLink control. Instead use HtmlAnchor control. It will solve your problem. I don't know why Microsoft designed like this.

Thank you!
The post using the 'attributes' solved my problem. In my case it was
HyperLink6.Attributes["href"] = "http://høgstedt.danquah.dk/";
The problem of using special danish characters in a url seem to have been troubling a lot of programmers - a search provides several very complicated approaches. This one is SIMPLE and it SIMPLY WORKS.
So once again, thank you

Related

Formatting strings in ASP.NET Razor

I am currently writing a small templating system in ASP.NET to allow users to add content. For example, the user can enter the string (variable type is string).
topHeader[x] = "They think it's all over. It is now!";
However, one change that's needed is the ability to add some basic HTML tags within this content, so the following can be done
topHeader[x] = "They think it's all over. <strong>It is now!</strong>";
or
topHeader[x] = "They think it's all over. <a title="Football News" href="URL">It is now!</a>";
If you add such things into strings now they are not formatted as HTML, but I want to somehow escape them so that they can be. Naturally I've looked on the Internet for the answer, but as Razor is fairly new there's not much out there to help me out.
Anyone have an idea of how to do this?
You need to create an IHtmlString implementation holding your HTML source.
Razor plans to have a helper method to do this for you, but, AFAIK, it doesn't yet, so I believe you'll need to create your own class that implements the interface and returns your HTML from the GetHtmlString() method.
EDIT: You can use the HtmlString class.
You can either change your topHeader dictionary to hold IHtmlStrings instead of Strings, or you can leave your code as is, but wrap it in an HtmlString in the Razor view:
<tag>#new HtmlString(topHeader[x])</tag>
Make sure to correctly escape any non-HTML special characters.
The helper method they added is called Html.Raw() and it is much cleaner.
Here is an example:
#Html.Raw("Hello <a>World</a>!")
SLaks is right, but you don't need to write your own implementation of IHtmlString, there's one built in to System.Web called HtmlString. So:
topHeader[x] = new HtmlString("They think it's all over. <a title=\"Football News\" href=\"URL\">It is now!</a>");
Should do the trick.

ASP.NET 3.5 - Making a field readonly/unmodifiable without "disabling" it

I have a web application with a form that has disabled fields in it. It allows a "Save As" function which basically means the settings can be copied into a new configuration (without being modified) and in the new configuration they can be changed to something else. The problem I am running into with this is that since the fields are disabled, they are not getting posted through and do not appear in the context object on the server side.
When I removed the logic to disable the fields, that part works fine. So the remaining problem is, how to "disable" the fields (not allow any change of the data in any of the entry fields) without really "disabling" them (so that the data gets posted through when saving)?
I was originally looking for a way to do this in CSS but not sure if it exists. The best solution is of course, the simplest one. Thanks in advance!
(Note: by 'disabled' I mean "The textboxes display but none of the text inside of them can be modified at all". It does not matter to me whether the cursor appears when you click inside it, though if I had a preference it would be no cursor...)
http://www.w3schools.com/TAGS/att_input_readonly.asp
readonly attribute is what you want.
i would suggest that instead of using the non-updateable field values from the page's inputs, you retrieve the original object from the DB and copy them from there. It's pretty trivial using something like Firebug to modify the contents of the page whose form will be posted back to modify the values, even if they are marked as readonly. Since you really want the values from the original, I would simply reget the object and copy them. Then you don't need to worry about whether the original (and non-updateable) properties get posted back at all.

asp.net MVC action link need to have the registered on the actual word

got this actionlink:
<%= Html.ActionLink("Corian® Worktops", "Index", "Corian")%>
the word corian has to carry the registered symbol or the word can not be used, but it seems to process, i know i could just write this as a normal href but it kinda defeats the object if there is another solution.
has any tried and successfully caried something like this out?
thanks
It works normally
<%= Html.ActionLink("RegistededMark®", "Action")%>
Use the normal ® symbol but make sure the font in HTML displays it correctly.
I do not know why but having static text in the views gives me the chills. I would rather suggest that you use a resource provider to fill in your link text. That way you will not be bothered by the html encoding stuff.

Input Validation When Using a Rich Text Editor

I have an ASP.NET MVC application and I'm using CKEditor for text entry. I have turned off input validation so the HTML created from CKEditor can be passed into the controller action. I am then showing the entered HTML on a web page.
I only have certain buttons on CKEditor enabled, but obviously someone could send whatever text they want down. I want to be able to show the HTML on the page after the user has entered it. How can I validate the input, but still be able to show the few things that are enabled in the editor?
So basically I want to sanitize everything except for a few key things like bold, italics, lists and links. This needs to be done server side.
How about AntiXSS?
See my full answer here from similar question:
I have found that replacing the angel
brackets with encoded angel brackets
solves most problems
You could create a "whitelist" of sorts for the html tags you'd like to allow. You could start by HTML encoding the whole thing. Then, replace a series of "allowed" sequences, such as:
"<strong>" and "</strong>" back to "<strong>" and "</strong>"
"<em>" and "</em>" back to "<em>" and "</em>"
"<li>" and "</li>" back to ... etc. etc.
For things like the A tag, you could resort to a regular expression (since you'd want the href attribute to be allowed too). You would still want to be careful about XSS; someone else already recommended AntiXSS.
Sample Regexp to replace the A tags:
<a href="([^"]+)">
Then replace as
<a href="$1">
Good luck!

asp.net best practice string concatenation

I am trying to find the best practice for generating and outputting html which would require a database query first to obtain the info. Currently in the aspx page I have a div with runat server:
<div runat="server" id="leaflet"></div>
Now just as a start to do a bit of testing I have a method that runs on page_load that basically does:
private void BuildLeaflet(string qnid)
{
//gets leaflet details
QueryLeafletDetails();
//return concatenated content string
leaflet.InnerHtml "<h1>" + dr["LSC Descriptor"] + "</h1>";
}
In the real solution the return is a concatenation of about 10 fields some very long as they are content.
I don't by any means think this is the best solution, but what is? A StringBuilder? Can I Write Each Part in turn to the site avoiding the concatenation in the method? Is the server div even best?
Edit: Forgot to put some of my content sections have simple (limited) html in them already such as paragraph, list... This allows me to easily produce documents for web and printing, I just use different stylesheets.
I would use <asp:Literal runat="server" enableViewState="false" id="leaflet" />. This doesn't generate any tags on the page, and doesn't stuff all the text in the ViewState.
And yes, use StringBuilder if you need to concatenate many long strings. This will be way more memory efficient.
The other solution would be to see if you can make some fixed markup on the page and put the contents of each DB field in it's own control (<asp:Literal />?).
I'd use either string.Format, if the number of fields is fixed (and relatively small), or a StringBuilder, otherwise. Readability of the code would be my guide, less so performance. You might also want to think about abstracting this out into a UserControl if you plan to reuse it. Then you could give it settable properties and build the render logic into the control to avoid repeating yourself.
Various people have benchmarked this - iirc format is fine for <4 items, simple concats for <7, stringbuilding above that.
I strongly advise against creating HTML as strings btw.

Resources