asp:BoundField and HtmlEncode

  • Thread starter Thread starter jMehdi
  • Start date Start date
J

jMehdi

I have the following definition:

<asp:BoundField DataField="ThreadPostAuthor" HeaderText="<%$
Resources:ForumsRes, StartedBy %>" SortExpression="ThreadPostAuthor"
HtmlEncode="false" />

When the UICulture is set to French the HeaderText displays encoded
characters (eg: "Commencé par" instead of "Commencé par") so I've
added the HtmlEncode attribute and it works fine.
But if I want to encode the column's data for security reason? And why
encoding the HeaderText??
 
Hi,
added the HtmlEncode attribute and it works fine.
But if I want to encode the column's data for security reason? And why
encoding the HeaderText??
Click to expand...

if there's no way to make a BoundColumn HTMLEncode your data, try a
TemplateColumn with a Literal control instead. Literals can HTMLEncode
the data.

I fail to understand what HTMLEncoding has to do with security though?

Hope this helps,

Roland
 
I fail to understand what HTMLEncoding has to do with security though?

Data displayed by my BoundColumn is user's data. To prevent cross-site
scripting I want to HtmlEncode the column's data, but not the
HeaderText

I think I have no other choice than using a TemplateColumn
 
Back
Top