how do i stop a code block HtmlEncoding characters??

[Tim_Mac]

hi,
i have a group of individual radio buttons that i am running some
client-side code on for the onClick event. there is a URL generated by
a code block inside the onClick attribute. the problem is that when i
view-source on the page, .net has html-encoded the quote and ampersand
characters that are in the code block into " and &. i don't
want this to happen. they should stay as literal characters.

<asp:RadioButton onClick='<%#
"javascript:Record(\"../Select.asmx/EnterPreference?ID=" +
DataBinder.Eval(Container.DataItem, "Proposal Nbr").ToString() +
"&pref=3\")" %>' runat="server" Text="3rd Preference"
GroupName="Select1"></asp:RadioButton>

note that the characters in question are the opening and closing quotes
around the one parameter for the javascript Record function, and the
ampersand which is part of the querystring in the url. the javascript
function actually still works, but it is bad markup as far as i'm
concerned and i'd say older browsers wouldn't accept it.

i was able to work around the " character, by inserting a (char)39
instead of the literal quote \" but unfortunately (char)38 has no
effect on the ampersand, it still comes out as &amp;

how can i stop this behaviour? also, i would be interested to know why
..Net behaves like this. normally if i want this to happen, i use
HttpUtility.HtmlEncode, but for some reason this is happening behind
the scenes.

thanks in advance for any help
tim

 

[Steven Cheng[MSFT]]

Hi Tim_Mac,

Welcome to ASPNET newsgroup.
As for the encoding problem you mentioned, here are some of my
understanding:

The databinding code we put in the <%# ....%> block reply on the
programming language we used for developing the page, C# or VB.NET.... So
what's your page's language?

Based on my local test, I can successfully emebed the URL string with begin
and end quote into the page through databiding block , below are the code
snipeet I used( C# and VB.NET):

"PageUrl" is a public Page member(string type)
(PageUrl="mainpage.aspx?name=myname&class=myclass")
[c#]
============
<script language="jscript">
function Record(str)
{
alert(str);
}
</script>
....................
<INPUT type="button" value="Button"
onclick='<%# "Record(\"./" + PageUrl + "\")" %>'>

===============
C# use \" to escape ".


[vb.net]
============
<script language="jscript">
function Record(str)
{
alert(str);
}
</script>
..................
<INPUT type="button" value="Button" id="btn"
onclick='<%# "Record(""./" & PageUrl & """)" %>'/>
=====================

Since VB.NET use "" to escape ".

Both one will output
"./mainpage.aspx?name=myname&class=myclass"

Please have a try to see whether the above also works on your side. If
there're anything different or not clear, please feel free to post here.
Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Damien]

hi,
i have a group of individual radio buttons that i am running some
client-side code on for the onClick event. there is a URL generated by
a code block inside the onClick attribute. the problem is that when i
view-source on the page, .net has html-encoded the quote and ampersand
characters that are in the code block into &quot; and &amp;. i don't
want this to happen. they should stay as literal characters.

<asp:RadioButton onClick='<%#
"javascript:Record(\"../Select.asmx/EnterPreference?ID=" +
DataBinder.Eval(Container.DataItem, "Proposal Nbr").ToString() +
"&pref=3\")" %>' runat="server" Text="3rd Preference"
GroupName="Select1"></asp:RadioButton>

Okay, I don't know why you're getting the problem you've described, but
as a workaround have you considered:

<asp:RadioButton
onClick='javascript:Record(\"../Select.asmx/EnterPreference?ID=<%#
DataBinder.Eval(Container.DataItem, "Proposal
Nbr").ToString()%>&pref=3\")' runat="server" Text="3rd Preference"
GroupName="Select1"></asp:RadioButton>

which keeps all of the special characters outside of your code block?

Damien

 

[Tim_Mac]

hi Steven
thanks for the reply. your example works, but that is because it's a
html control, and there appears to be inconsistent behaviour for code
blocks in html controls and server controls.
if you change your input button to an asp:radiobutton, you should see
what i am talking about.

if it's a html input button, the html output is:
onclick='alert("./mainpage.aspx?name=myname&class=myclass")'
which is the correct output.

but if its an asp:radiobutton with an identical onclick event, the
source output is:
onclick="alert(&quot;./mainpage.aspx?name=myname&amp;class=myclass&quot"
which i am saying is not correct, because i never asked it to
htmlencode the " and & characters.

hopefully you can reproduce this at your end so you know what i'm on
about. the aspx source for my radio button is:
<asp:radiobutton Runat=server onclick='<%# "alert(\"./" + this.PageUrl
+ "\")" %>'></asp:radiobutton>

thanks
tim

 

[Tim_Mac]

by the way, the page language is C#
tim

 

[Steven Cheng[MSFT]]

Hi Tim,

Thanks for your response.
Yes, after some further research I've noticed that the test code I pasted
in the former message is a particular case. More exactly the
behavior(attribute value be html encoded) occurs on both Web Server
Controls or Html Server Controls, and for HtmlInputButton control the
"onclick" attribute is a particular case which will not be html encoded
when being rendered.

So current the actual cause of the behavior is because when the WebServer
Controls or Html Server Controls render themselves to HtmlTextWriter, it'll
call the AttributeCollection's Render method to render their Attributes
collection. Then,
the in the AttributeCollection's Render method, it'll enumerate all the
items in the collection and Call HttpUtility's

HttpUtility.HtmlAttributeEncode method to encode the attribute value.

That's why the " will be replaced by &quot;

Also, though the value will be html encoded, it won't break the url link's
behavior at clientside, we can still use it to redirect.
So what's the detail problem you met when using such encoded url? I think
we may need to find some other means to workaround it.

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Tim_Mac]

hi Steven,
i noticed that the javascript still worked, i just didn't like the idea
that my string was being html-encoded without me asking for it! many
thanks for the explanation. it is understandable too because if they
didn't do that, there would be lots of malformed aspx pages out there
with quotes and <>'s breaking tags and attributes.

i'm happy to leave it as is. if it works, don't fix it!!
i appreciate your detective work.
tim

 

[Tim_Mac]

i think the same thing happened. i guess the HtmlAttributeEncode method
grabs the whole attribute, not just the part in the code block, and
formats it as a whole attribute unit.
a good suggestion though, thanks for the input.
tim

 

[Steven Cheng[MSFT]]

Thanks your understanding Tim,

Good Luck!

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)