HtmlEncode for GridHyperLinkColumn

6 posts, 1 answers
  1. Ian
    Ian avatar
    129 posts
    Member since:
    Jun 2009

    Posted 13 Aug 2010 Link to this post

    Hi, Is there any way to configure a GridHyperLinkColumn to HtmlEncode the contents of the DataTextField? Unlike the GridBoundColumn, it doesn't appear to have an HtmlEncode property. What's more, because HyperLink columns don't support databinding, I can't add encoding that way either. The only option I can see is to change the column type to a template column but I'd rather avoid that if possible.
  2. Tsvetina
    Admin
    Tsvetina avatar
    1874 posts

    Posted 19 Aug 2010 Link to this post

    Hello Ian,

    The HtmlEncode property is available only for GridBoundColumn and the columns that inherit it. This means that a GridTemplateColumn does not expose that property too. And I believe that using html encoding on a GridHyperlinkColumn would not make sense if the column would not provide a working hyperlink. So, my recommendation is that you use a regular GridBoundColumn for that purpose.

    Best wishes,
    Tsvetina
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Ian
    Ian avatar
    129 posts
    Member since:
    Jun 2009

    Posted 25 Aug 2010 Link to this post

    Tsvetina,
    Hi. Thanks for the reply. I agree that using an encoded value to form the Text property of hyperlink wouldn't normally make much sense. However, in this case the value is derived from a database column that could potentially include untrusted data and the customer doesn't want a malicious script ending up on the page. I can't change the database and I want to avoid having to read the database rows into an intermediate object and encoding the column using a property setter. So what I've done is to change the grid column type to a GridTemplateColumn and then encoded the value using:
      Text='<%# Server.HtmlEncode((string)Eval("ColumnName")) %>'

    Regards, Ian
  5. Answer
    Tsvetina
    Admin
    Tsvetina avatar
    1874 posts

    Posted 25 Aug 2010 Link to this post

    Hello Ian,

    I understand your concerns but in the current implementation of RadGrid the options are either use a GridBoundColumn-derived columns with HtmlEncode property set, or your approach- a GridTemplateColumn using the .NET HtmlEncode() method.

    Sincerely yours,
    Tsvetina
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Gopinath
    Gopinath avatar
    26 posts
    Member since:
    Apr 2009

    Posted 27 Nov 2010 Link to this post

    Hi,

    Do you have a list of HtmlEncode supported controls and properties, so we can include them in MS Anit-XSS module config file?

    Like u mention that only gridboundcolumns are supported, we need a list of controls and its sub-controls that are supported.

    Thanks,

    Gopi
  7. Tsvetina
    Admin
    Tsvetina avatar
    1874 posts

    Posted 02 Dec 2010 Link to this post

    Hi Gopinath,

    The RadControls which use the HtmlEncode property are RadGrid and RadTreeList, more specifically - all their columns that are inherited from GridBoundColumn\TreeListBoundColumn.

    Regards,
    Tsvetina
    the Telerik team
    Browse the vast support resources we have to jumpstart your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017