Stop ASP.NET HtmlEncoding things automatically

[Guest]

How can I stop ASP.NET Encoding things automatically?

e.g if I create a button in my code and add the following attribute

objNewButton.Attributes.Add("onClick", "GotoUrl('http://test.asp?X=1&Y=2');");

Then When the button is rendered into HTML the output is something like this

onClick="GotoUrl('http://test.asp?X=1&Y=2);"

Which obviously messes up the parameters in the querystring.

Is there any escape code I can pass to tell ASP.Net to leave the string alone?

 

[Guest]

Hmm - seems this forum has its own issues with encoding/decoding!

The problem is that & is converted to &amp + semi colon!

 

[Ollie Riches]

check out turning off request validation for the page

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html
/scriptingprotection.asp

HTH

Ollie Riches

 

[Guest]

Hi Ollie,

So far as I can see all that will allow me to do is allow users to submit
HTML in a form?

I don't see how that would help my problem?

Cheers,

Martin

 

[IPGrunt]

Hmm - seems this forum has its own issues with encoding/decoding!

The problem is that & is converted to &amp + semi colon!

As far as what you're currently seeing, it's probably your browser's display
that's encoding the ampersands, etc. It's a bug.

Use a Newsreader like Agent or Xnews, and everything will look OK.

-- ipgrunt

 

[Alan Silver]

Martin,

Maybe you won't like this answer, but I'll tell you anyway!!

Just for once, MS actually got it right with HTML. Instead of assuming
that the world works the MS way, they actually did something to conform
to W3C specifications.

The HTML spec says that all special characters must be HTML-encoded. The
URL that you showed was in fact invalid HTML. In HTML, the ampersand
denotes the start of a special HTML entity. Your URL would be
interpreted as containing the special HTML entity &Y, which doesn't
exist. Now, most browsers (including IE) will ignore an entity that they
don't recognise, so you won't have any problems. Some browsers may
adhere more strictly to the specs and try and interpret it as an entity.
When they don't recognise it, they will simply ignore it. This will
cause problems. If, at some point in the future you have a querystring
parameter that coincides with an HTML entity name (say like "pound"),
then your parameter will be interpreted as the entity and your scripting
will break.

So, in conclusion, what you are seeing is the system fixing your invalid
code. If you want to do it right, then you should have used & in the
first place, as this is the HTML entity for an ampersand. Since you
didn't, it was changed for you.

Hope this helps.

Alan

 

[Alan Silver]

As far as what you're currently seeing, it's probably your browser's

display that's encoding the ampersands, etc. It's a bug.

Nope, the & is valid HTML. What he used wasn't. This is a rare case
of MS adhering to the HTML specs instead of doing it their way.