How to get rid of HTML Entities in an Alertbox

Question

User2103134756 posted

I'm using JavaScript here but this is the closest forum to the subject that I could post in. I have small script I dynamically attach to a delete linkbutton on a gridview. It confirms the deletion. In the alert box, the name field is shown. Normally this works fine unless I have an apostrophe or an ampersand. When that's the case, I get the '&' and ''  instead of the characters. I was using the e.Row.Cells[col_num].Text.ToString(); but got blank text in the name field so I switched to casting a label with FindControl. That got the name but I still have the same problem when an '&' is in the name and when an apostrophe is present, the alertbox doesn't appear and there's a postback so the record gets deleted without confirmation. Found a number of ways on various sites but none of them work. This is in the RowDataBound event for the gridview.

Label lbl = (Label)e.Row.Cells[1].FindControl("lblArtistName");
string recordName = lbl.Text;
 
//gets the delete cell for the button 
deleteCell = e.Row.Cells[ARTISTS_DELETE_COL];

//get linkbutton control
lbDelete = (LinkButton)deleteCell.Controls[1];

//if it's there, add the javascript and 
//change the style and button back to enabled
if (lbDelete != null)
{
	//Adds the javascript attribute that confirms a delete.
	lbDelete.Attributes.Add("onClick", "return deleteConfirm('" + recordName + "');");
	lbDelete.ControlStyle.CssClass = "GvCmd";
	lbDelete.Enabled = true;
}

Answer 1

User2103134756 posted

Somehow some lines got switched around and I was adding the attribute prior to binding the gridview so the changes were being overwritten. That's why after a save there was no javascript. But the problem with the html entities, the reason for the post is still there. I've tried encode/decode and encodeURI/decodeURI but it still doesn't work.

Answer 2

User-474980206 posted

the onclick is an html attribute. an & inside should render as &, so that:

  <button type="button" onclick="alert('John &amp; Sons')">click me</button>

will alert "John & Sons". I haven't used webforms in years, but perhaps you are getting double encoding.

Answer 3

User839733648 posted

Hi oneillj,

To get rid of HTML Entities in an Alertbox, you could use the code like following :

var encoded = "This is &ads'afddf;' string";
var decoded = $("<div/>").html(encoded).text();

Reference: https://stackoverflow.com/questions/14937169/html-entities-in-a-javascript-alert 

Here is a demo I've created and hope it will be helpful to you.

.aspx

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
    <script>
        function deleteConfirm(ename) {
            var ename = $("<div/>").html(ename).text();
            var result = confirm("Are you sure you want to delete " + ename);
            if (result) {
                return true;
            }
            else {
                return false;
            }
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
        <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="Eid" OnRowDataBound="GridView1_RowDataBound">
            <Columns>
                <asp:BoundField DataField="Eid" HeaderText="Eid" />
                <asp:BoundField DataField="Ename" HeaderText="Ename" />
                <asp:BoundField DataField="age" HeaderText="age" />
                <asp:BoundField DataField="sex" HeaderText="sex" />
                <asp:TemplateField>
                    <ItemTemplate>
                        <asp:LinkButton ID="LinkButton1" runat="server" >Delete</asp:LinkButton>
                    </ItemTemplate>
                </asp:TemplateField>
            </Columns>
        </asp:GridView>
    </form>
</body>
</html>

code-behind.

        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                BindData();
            }
        }
        string constr = ConfigurationManager.ConnectionStrings["EmployeeManagementConnectionString"].ConnectionString;
        private void BindData()
        {
            SqlConnection con = new SqlConnection(constr);
            string myquery = "SELECT * FROM tb_info";
            SqlCommand cmd = new SqlCommand(myquery, con);
            con.Open();
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            sda.Fill(ds);
            con.Close();
            GridView1.DataSource = ds;
            GridView1.DataBind();
        }

        protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
        {
            if (e.Row.RowType == DataControlRowType.DataRow)
            {
                string ename = e.Row.Cells[1].Text;
                LinkButton lnkBtn = (LinkButton)e.Row.FindControl("LinkButton1");
                lnkBtn.Attributes.Add("onclick", "return deleteConfirm('" + ename + "')");
            }
        }

result:

Best Regards,

Jenifer