Why does a Label control *not* UrlEncode its Text?


Kevin Frey

Can anyone tell me the logical reason for the above? I've read the
documentation and made note of the fact that the Label might be used to
display user input, which might be malicious script etc, but I'd like to
know why the content isn't UrlEncoded for a Label control?

If one wants unencoded strings, shouldn't one be using LiteralControl
instead?
 
Kevin said:
Correction. I meant HtmlEncode.

Short answer, the ASP.NET tags render as normal HTML controls (that your
web browser understands hence displays). These controls (text, textarea,
etc) pass plain text (it's the browser's behavior). It's been like that
since day 1. I don't see why they should/would HtmlEncode the text
either (and when you need it to, it's just a short string).
 
Broadest feature. As it is rendered, it is legal to assign HTML code to a
label. Encoding would have prevented doing something that is legal and would
have forced the use of another solution.

As a side note, ASP.NET prevents submitting HTML tags in form fields by
default...
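
The behaviour discussed in this thread, as an added example that is not part of any poster's reply: it renders a `Label` with raw text, a `Label` whose text was passed through `HttpUtility.HtmlEncode`, and a `Literal` with `Mode` set to `LiteralMode.Encode`. It assumes a .NET Framework console project that references `System.Web`; the class name and the sample input are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

static class LabelEncodingDemo
{
    // Render a single control to a string, outside of any page lifecycle.
    static string Render(Control control)
    {
        using (var sw = new StringWriter())
        using (var writer = new HtmlTextWriter(sw))
        {
            control.RenderControl(writer);
            return sw.ToString();
        }
    }

    static void Main()
    {
        // Constructed sample standing in for untrusted user input.
        string userInput = "<script>alert('x')</script>";

        // Label writes Text into its <span> as-is, so the markup stays live.
        Console.WriteLine(Render(new Label { Text = userInput }));

        // Encoding at assignment turns the input into inert text.
        Console.WriteLine(Render(new Label { Text = HttpUtility.HtmlEncode(userInput) }));

        // Literal can encode at render time when Mode is set to Encode.
        Console.WriteLine(Render(new Literal { Text = userInput, Mode = LiteralMode.Encode }));
    }
}
```

Comparing the three printed lines shows which paths leave the angle brackets intact and which emit them as character entities.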
 
