HtmlEncode with apostrophes

  • Thread starter Thread starter Andy Fish
  • Start date Start date
A

Andy Fish

When using databinding, I have gotten into the habit of using single quotes
(apostrophe) round attribute values rather than double quotes because this
allows visual studio to work when there are quotation marks in the
databinding expression. As far as I can tell this seems to be recommended
practice.

However, I just realised that HtmlEncode doesn't encode apostrophes, so if
you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?
Assuming not, does this mean I have to write my own version of HtmlEncode?

TIA

Andy
 
Andy Fish said:
When using databinding, I have gotten into the habit of using single
quotes (apostrophe) round attribute values rather than double quotes
because this allows visual studio to work when there are quotation marks
in the databinding expression. As far as I can tell this seems to be
recommended practice.
Click to expand...

"Recommended" might be pushing things a bit. <g> It works, but consistently
using double quotes to wrap attributes will generally make your HTML a bit
easier to maintain.

However, I just realised that HtmlEncode doesn't encode apostrophes,
Click to expand...

But it will encode the double quote character, so things would be a bit
easier if you were wrapping with double quotes.

so if you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?
Click to expand...

You can do it, but it will require a bit more work.

Assuming not, does this mean I have to write my own version of HtmlEncode?
Click to expand...

You should really do this anyway in order to facilitate handling of other
"interesting" scenarios (e.g.: encoding of text to be used as a literal
string in client-side javascript). The easiest way to implement this is to
call the provided HtmlEncode method, then massage the resulting string as
required for its intended used.
 
Andy Fish said:
When using databinding, I have gotten into the habit of using single
quotes (apostrophe) round attribute values rather than double quotes
because this allows visual studio to work when there are quotation marks
in the databinding expression. As far as I can tell this seems to be
recommended practice.
Click to expand...

"Recommended" might be pushing things a bit. <g> It works, but consistently
using double quotes to wrap attributes will generally make your HTML a bit
easier to maintain.

However, I just realised that HtmlEncode doesn't encode apostrophes,
Click to expand...

But it will encode the double quote character, so things would be a bit
easier if you were wrapping with double quotes.

so if you do something like this

<a href=... title='<%#Server.HtmlEncode(DataBinder.Eval(Container,
"DataItem.FullName"))%>' >

you will be screwed if the full name contains an apostrophe.

Is it really unacceptable to use single quotes for HTML attribute values?
Click to expand...

You can do it, but it will require a bit more work.

Assuming not, does this mean I have to write my own version of HtmlEncode?
Click to expand...

You should really do this anyway in order to facilitate handling of other
"interesting" scenarios (e.g.: encoding of text to be used as a literal
string in client-side javascript). The easiest way to implement this is to
call the provided HtmlEncode method, then massage the resulting string as
required for its intended used.
 
After writing my own HtmlEncode method, I realised that &apos; is not part
of the HTML 4 standard and also IE does not support it.

I conclude that it is not possible to use single quotes round attribute
values if the attribute value could itelf contain a single quote mark (i.e.
apostrophe). It seems unfortunate that so many examples use this style.
 
Try using ' instead of &apos;.



Andy Fish said:
After writing my own HtmlEncode method, I realised that &apos; is not part
of the HTML 4 standard and also IE does not support it.

I conclude that it is not possible to use single quotes round attribute
values if the attribute value could itelf contain a single quote mark
(i.e. apostrophe). It seems unfortunate that so many examples use this
style.
Click to expand...
 
Back
Top