locked
How do I Bind() Data with Angle Bracket (<) in it? RRS feed

  • Question

  • User-1063975498 posted

    I have an asp:GridView.  It has an "asp:ObjectDataSource".  The datasource stores some values like so (To/From Registry) - "<System%%>" or "System%%" (can be either for example).

    An example is the following:

      

    <asp:TemplateField HeaderText="Value" SortExpression="RegValue">
        <ItemTemplate> 
          <asp:Label ID="RegValueLable" runat="server" CssClass="myStyle1" Text='<%# HttpUtility.HtmlEncode(Eval("RegValue").ToString()) %>' />
        </ItemTemplate>
        <EditItemTemplate>
          <asp:TextBox ID="RegValueTextBox" CssClass="myStyle2" Width="100%" runat="server" Text='<%# Bind("RegValue") %>' />
        </EditItemTemplate>
    </asp:TemplateField>

     

    I was able to fix the ItemTemplate using the "HttpUtility.HtmlEncode(...)".  So now it's able to display the values fine from the datasource, but if the user wants to edit them then an error gets thrown "An Unknown Error Occured - Status Code 500".  It only happens when I try to save values that have a '<' followed by a letter; works fine with other values.

    A solution which lets the user type in for example "hel<lo" as a value would be best for me.  Is there something I can do with the "OnUpdating" event for the ObjectDataSource for example?  Or another solution?  Bind doesn't work with "HtmlDecode" in the above but I don't think that will help.  Also if I type in something like "hel<lo" and press "Cancle" instead of "Update" then the error still gets thrown.

     

    Thanks, if there are any questions, need more information, or can't reproduce the problem, I can try to be more precise (make more code).  NB

    Tuesday, July 15, 2008 9:23 PM

Answers

All replies

  • User373202871 posted

    set validateRequest="false", but be sure to sanitise the input manually for any abuse.

    http://forums.asp.net/t/1286005.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, July 15, 2008 11:06 PM
  • User384031199 posted

    http://support.microsoft.com/kb/916441

    Does it help you?

     

    Tuesday, July 15, 2008 11:13 PM
  • User-1063975498 posted

    Yay :)  Putting ValidateRequest="false" in my <%@ Page worked perfectly.  Thank you *will mentally sanitise the input*.  The site only runs on a private intranet so I shouldn't have to worry about malicious users as much as some. 

    NB

    Wednesday, July 16, 2008 2:16 PM