BoundField.HtmlEncode 属性
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
获取或设置一个值,该值指示在 BoundField 对象中显示字段值之前,是否对这些字段值进行 HTML 编码。
public:
virtual property bool HtmlEncode { bool get(); void set(bool value); };public virtual bool HtmlEncode { get; set; }member this.HtmlEncode : bool with get, setPublic Overridable Property HtmlEncode As Boolean属性值
如果在 BoundField 对象中显示字段值之前,对这些字段值进行 HTML 编码,则为 true;否则为 false。 默认值为 true。
示例
下面的代码示例演示如何使用 HtmlEncode 属性来防止字段值在对象中 BoundField 显示之前进行 HTML 编码。
<%@ Page language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>BoundField Example</title>
</head>
<body>
<form id="form1" runat="server">
<h3>BoundField Example</h3>
<asp:gridview id="CustomersGridView"
datasourceid="CustomersSqlDataSource"
autogeneratecolumns="false"
allowpaging="true"
runat="server">
<columns>
<asp:boundfield datafield="CustomerID"
readonly="true"
headertext="Customer ID"/>
<asp:boundfield datafield="CompanyName"
htmlencode="false"
headertext="Customer Name"/>
<asp:boundfield datafield="Address"
htmlencode="false"
headertext="Address"/>
<asp:boundfield datafield="City"
htmlencode="false"
headertext="City"/>
<asp:boundfield datafield="PostalCode"
htmlencode="false"
headertext="ZIP Code"/>
<asp:boundfield datafield="Country"
htmlencode="false"
headertext="Country"/>
</columns>
</asp:gridview>
<!-- This example uses Microsoft SQL Server and connects -->
<!-- to the Northwind sample database. Use an ASP.NET -->
<!-- expression to retrieve the connection string value -->
<!-- from the Web.config file. -->
<asp:sqldatasource id="CustomersSqlDataSource"
selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
runat="server">
</asp:sqldatasource>
</form>
</body>
</html>
<%@ Page language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>BoundField Example</title>
</head>
<body>
<form id="form1" runat="server">
<h3>BoundField Example</h3>
<asp:gridview id="CustomersGridView"
datasourceid="CustomersSqlDataSource"
autogeneratecolumns="false"
allowpaging="true"
runat="server">
<columns>
<asp:boundfield datafield="CustomerID"
readonly="true"
headertext="Customer ID"/>
<asp:boundfield datafield="CompanyName"
htmlencode="false"
headertext="Customer Name"/>
<asp:boundfield datafield="Address"
htmlencode="false"
headertext="Address"/>
<asp:boundfield datafield="City"
htmlencode="false"
headertext="City"/>
<asp:boundfield datafield="PostalCode"
htmlencode="false"
headertext="ZIP Code"/>
<asp:boundfield datafield="Country"
htmlencode="false"
headertext="Country"/>
</columns>
</asp:gridview>
<!-- This example uses Microsoft SQL Server and connects -->
<!-- to the Northwind sample database. Use an ASP.NET -->
<!-- expression to retrieve the connection string value -->
<!-- from the Web.config file. -->
<asp:sqldatasource id="CustomersSqlDataSource"
selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
runat="server">
</asp:sqldatasource>
</form>
</body>
</html>
注解
HtmlEncode使用 属性指定在对象中BoundField显示字段值之前,是否将其 HTML 编码为各自的字符串表示形式。 例如,如果此属性为 true,则“script>”<的字符串值将呈现为“<script>”。 如果此属性为 false,则字符串将保持不变。
注意
HTML 编码字段值有助于防止显示跨站点脚本攻击和恶意内容。 应尽可能启用此属性。
