BoundField.HtmlEncode Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets or sets a value indicating whether field values are HTML-encoded before they are displayed in a BoundField object.
public:
virtual property bool HtmlEncode { bool get(); void set(bool value); };
public virtual bool HtmlEncode { get; set; }
member this.HtmlEncode : bool with get, set
Public Overridable Property HtmlEncode As Boolean
Property Value
true
if field values are HTML-encoded before they are displayed in a BoundField object; otherwise, false
. The default is true
.
Examples
The following code example demonstrates how to use the HtmlEncode property to prevent field values from being HTML-encoded before being displayed in a BoundField object.
<%@ Page language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>BoundField Example</title>
</head>
<body>
<form id="form1" runat="server">
<h3>BoundField Example</h3>
<asp:gridview id="CustomersGridView"
datasourceid="CustomersSqlDataSource"
autogeneratecolumns="false"
allowpaging="true"
runat="server">
<columns>
<asp:boundfield datafield="CustomerID"
readonly="true"
headertext="Customer ID"/>
<asp:boundfield datafield="CompanyName"
htmlencode="false"
headertext="Customer Name"/>
<asp:boundfield datafield="Address"
htmlencode="false"
headertext="Address"/>
<asp:boundfield datafield="City"
htmlencode="false"
headertext="City"/>
<asp:boundfield datafield="PostalCode"
htmlencode="false"
headertext="ZIP Code"/>
<asp:boundfield datafield="Country"
htmlencode="false"
headertext="Country"/>
</columns>
</asp:gridview>
<!-- This example uses Microsoft SQL Server and connects -->
<!-- to the Northwind sample database. Use an ASP.NET -->
<!-- expression to retrieve the connection string value -->
<!-- from the Web.config file. -->
<asp:sqldatasource id="CustomersSqlDataSource"
selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
runat="server">
</asp:sqldatasource>
</form>
</body>
</html>
<%@ Page language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>BoundField Example</title>
</head>
<body>
<form id="form1" runat="server">
<h3>BoundField Example</h3>
<asp:gridview id="CustomersGridView"
datasourceid="CustomersSqlDataSource"
autogeneratecolumns="false"
allowpaging="true"
runat="server">
<columns>
<asp:boundfield datafield="CustomerID"
readonly="true"
headertext="Customer ID"/>
<asp:boundfield datafield="CompanyName"
htmlencode="false"
headertext="Customer Name"/>
<asp:boundfield datafield="Address"
htmlencode="false"
headertext="Address"/>
<asp:boundfield datafield="City"
htmlencode="false"
headertext="City"/>
<asp:boundfield datafield="PostalCode"
htmlencode="false"
headertext="ZIP Code"/>
<asp:boundfield datafield="Country"
htmlencode="false"
headertext="Country"/>
</columns>
</asp:gridview>
<!-- This example uses Microsoft SQL Server and connects -->
<!-- to the Northwind sample database. Use an ASP.NET -->
<!-- expression to retrieve the connection string value -->
<!-- from the Web.config file. -->
<asp:sqldatasource id="CustomersSqlDataSource"
selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
runat="server">
</asp:sqldatasource>
</form>
</body>
</html>
Remarks
Use the HtmlEncode property to specify whether field values are HTML-encoded to their respective string representations before they are displayed in a BoundField object. For example, if this property is true
, a string value of "<script>" would be rendered as "<script>". If this property is false
, the string would be rendered unchanged.
Note
HTML-encoding field values helps to prevent cross-site scripting attacks and malicious content from being displayed. This property should be enabled whenever possible.
Applies to
See also
.NET