asp.net 2.0 hyperlink DataNavigateUrlFormatString


Vincent

Hi, I have a problem when I put the 3rd field into a hyperlink field
it does not show up. Here's my example:

This works and the url is:

http://gl.aspx?whs=1&dept=02


<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>


but if I add a 3rd field (see below) to the
DataNavigateUrlFormatString, this does not work and the url it produces
is:

http://gl.aspx

with nothing after it.

<asp:HyperLinkField DataNavigateUrlFields="Whs-num,Dept,trx-date"
DataNavigateUrlFormatString="~/gl.aspx?whs={0}&dept={1}&date={2}"
DataTextField="Amount" HeaderText="Sku Value"
NavigateUrl="~/MemberPages/Accounting/glbalictrxtrans.aspx"
DataTextFormatString="{0:c}" >
<ItemStyle HorizontalAlign="Right" />
<FooterStyle HorizontalAlign="Right" />
</asp:HyperLinkField>

Any help would be appreciated. I should note that I use VS 2005 to
create the page. Thanks. vin.
 
Hi there,

You can have as many data fields as you want. The problem is caused by a
datetime field, which after evaluation contains ':'. I had a look at the
System.Web.UI.WebControls.HyperLinkField class and it checks if the evaluated URL
is potentially dangerous by calling the
System.Web.CrossSiteScriptingValidation.IsDangerousUrl() method:

internal static bool IsDangerousUrl(string s)
{
    // Empty or null URLs are not flagged.
    if (string.IsNullOrEmpty(s))
    {
        return false;
    }
    s = s.Trim();
    int num1 = s.Length;
    // URLs that start with "http:" or "https:" (case-insensitive) are allowed.
    if (((((num1 > 4) && ((s[0] == 'h') || (s[0] == 'H'))) && ((s[1] == 't') || (s[1] == 'T')))
        && (((s[2] == 't') || (s[2] == 'T')) && ((s[3] == 'p') || (s[3] == 'P'))))
        && ((s[4] == ':') || (((num1 > 5) && ((s[4] == 's') || (s[4] == 'S'))) && (s[5] == ':'))))
    {
        return false;
    }
    // Anything else is flagged as soon as it contains a ':' anywhere.
    int num2 = s.IndexOf(':');
    if (num2 == -1)
    {
        return false;
    }
    return true;
}

As you can see, any occurrence of ':' causes the function to return true.
Unfortunately, the HyperLinkField does not have an HtmlEncode property such as
BoundField or CheckBoxField do. In order to resolve the issue, remove ':'
from datevaluesformatstring by specifying the format string explicitly, i.e.
~/myage.aspx?id={0}&x={1}&y={2:yyyy-MM-dd hh-mm-ss}
and then parsing the query string using the DateTime.ParseExact() method, or apply
HTML encoding with HttpServerUtility.HtmlEncode() in the data table you use as the data
source.

Hope this helps


Milosz
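
The check and workaround described in the answer above, as an added example that is not part of the original posts or the framework source: IsDangerousUrl is restated in a shorter equivalent form (the real method is internal), and the row values and the example.com URL are constructed. It uses 24-hour HH where the post's format string has 12-hour hh, so afternoon times survive the round trip through DateTime.TryParseExact.

```csharp
using System;
using System.Globalization;

static class HyperLinkUrlCheckDemo
{
    // Colon-free format for the date parameter; 24-hour HH is this example's choice.
    const string SafeFormat = "yyyy-MM-dd HH-mm-ss";

    // Equivalent restatement of the decompiled check quoted in the post:
    // "http:"/"https:" prefixes pass, anything else containing ':' is flagged.
    static bool IsDangerousUrl(string s)
    {
        if (string.IsNullOrEmpty(s)) return false;
        s = s.Trim();
        if (s.StartsWith("http:", StringComparison.OrdinalIgnoreCase) ||
            s.StartsWith("https:", StringComparison.OrdinalIgnoreCase))
            return false;
        return s.IndexOf(':') != -1;
    }

    static void Main()
    {
        CultureInfo inv = CultureInfo.InvariantCulture;
        // Constructed values standing in for Whs-num, Dept and trx-date.
        DateTime trxDate = new DateTime(2006, 3, 14, 15, 9, 26);

        // Default DateTime formatting emits "15:09:26", so the relative URL is flagged.
        string withColon = string.Format(inv,
            "~/gl.aspx?whs={0}&dept={1}&date={2}", 1, "02", trxDate);
        // An explicit format without ':' passes the same check.
        string noColon = string.Format(inv,
            "~/gl.aspx?whs={0}&dept={1}&date={2:" + SafeFormat + "}", 1, "02", trxDate);

        string[] samples = { withColon, noColon,
            "http://example.com/gl.aspx?t=15:09", // absolute http URL: exempt
            "javascript:void(0)" };               // non-http scheme: flagged
        foreach (string url in samples)
            Console.WriteLine("{0,-5} {1}", IsDangerousUrl(url), url);

        // Receiving page: accept only the exact format that was emitted.
        string dateParam = noColon.Substring(noColon.IndexOf("date=") + 5);
        DateTime parsed;
        bool ok = DateTime.TryParseExact(dateParam, SafeFormat, inv,
            DateTimeStyles.None, out parsed);
        Console.WriteLine("parsed={0} roundTrip={1}", ok, ok && parsed == trxDate);
    }
}
```

Using TryParseExact on the receiving page keeps the query-string value strictly validated: anything that does not match the emitted format is rejected rather than guessed at.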
 
That was it, Milosz. I changed the date format as specified above and I
was able to see it in the query string... Thanks for your help. -
Vincent.
 