G
Guogang
I find that the encoding of web control is inconsistent. Some controls will
do an HTML encoding on the text, some don't.
Say, I want to show the string "<script> alter("test") <script>". For a
"BoundColumn" used in DataGrid, I get an alert box instead of the string.
But for "TextBox" control, it is encoded correctly.
Is there a general rule, or documentation of which controls will do HTML
encoding automatically, which don't?
Thanks,
Guogang
do an HTML encoding on the text, some don't.
Say, I want to show the string "<script> alter("test") <script>". For a
"BoundColumn" used in DataGrid, I get an alert box instead of the string.
But for "TextBox" control, it is encoded correctly.
Is there a general rule, or documentation of which controls will do HTML
encoding automatically, which don't?
Thanks,
Guogang