ASP.NET 2.0 FormView with

S

sck10

Hello,

I have two FormViews that I am using. One is used just to show some data,
so it is always in ItemTemplate view. The second FormView is used as an
approval section for the first FormView. In the first FormView I am showing
the name wrapped in a html email tag coming from SQL Server. The problem
that I am having is that when I click the "update" or "cancel" link in the
second FormView, I get the "potentially dangerous" error statement. My
question is there a way to wrap the email link so that I don't get this
error and am able to use the email link?
--
Thanks in advance,

sck10


From SQL Server
-------------------
'<a href="mailto:' + Email + '">' + FirstName + ' ' + LastName + '</a>' +
'&nbsp;' AS 'strNameTel'

<ItemTemplate>
<tr>
<asp:Label ID="lblNameEmailItem" Text='<%# Eval("strNameTel") %>'
runat="server" /></td>
</tr>

Error Statement
 
S

Steven Cheng[MSFT]

Hi Sck10,

Thank you for posting.

Regarding on the FormView databindig warning issue you mentioned, based on
my experience, it is caused by the ASP.NET Label control's security code
validation. In your case, you dynamically generate some html markup code in
T-SQL and output it onto ASP.NET page through a Label. Since Label control
does not do htmlencoding on the text bound to it, the runtime will alert
warning if he detect any markup or script code(since the code or script may
come from malicious users ).

So for your scenario, if you want to add such dynamic email link, I
strongly recommend you consider construncting the email link in ASP.NET
databinding stage. You can either use a ASP.NET built-in hyperlink control
or just use string concatenate. For example, below is the code snippet on
using hyperlink control with databinding expression to construct such a
email link from database fields:

<asp:HyperLink ID="HyperLink1" runat="server"
Text='<%# Eval("fname") + " " + Eval("lname") %>'
NavigateUrl='<%# Eval("email","mailto:{0}")
%>'></asp:HyperLink>


Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

FormView 1
Formview inside of a User Control 1
adding a table to formview 3
ASP.NET 2.0: Bind ArrayList to FormView Control 3
why does this formview not appear? 1
FormView Control 2
GridView inside FormView cannot get into Edit Mode 0
Getting value from FormView 8

Top