<%-- Template column for the FIRSTANDLASTNAME field. Each row's link text is data-bound from
     FIRSTANDLASTNAME and passed through AntiXSSEncoder.HtmlEncode before it is assigned to Text.
     NOTE(review): HeaderText is not encoded anywhere in this markup. Per the author's description the
     "[FIRSTANDLASTNAME]" placeholder is replaced with a language-specific value from the database,
     so that value has to be encoded where it is substituted or before the header is rendered. --%>
<telerik:GridTemplateColumn DataField="FIRSTANDLASTNAME"
HeaderText="[FIRSTANDLASTNAME]" SortExpression="FIRSTANDLASTNAME" UniqueName="FIRSTANDLASTNAME"
GroupByExpression="FIRSTANDLASTNAME GROUP BY FIRSTANDLASTNAME">
<ItemTemplate>
<asp:LinkButton ID="lnkFIRSTANDLASTNAME" runat="server" Text='<%# AntiXSSEncoder.HtmlEncode(this.GetDataFromContainer(Container.DataItem, "FIRSTANDLASTNAME")) %>'
OnCommand="ContactSelected_Command" />
</ItemTemplate>
</telerik:GridTemplateColumn>
The value I assign to "[FIRSTANDLASTNAME]" is a dynamic value loaded from the database based on the language. I want it to be encoded so that it is not open to XSS attacks.
/// The fix below works, but I have tens of columns in different pages. Is there a way to encode the header values without encoding them one by one via UniqueName?
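/// <summary>
/// HTML-encodes the header link text of the FIRSTANDLASTNAME column when the grid creates its header item.
/// </summary>
/// <remarks>
/// The caption comes from the database (per the author's description), so it is treated as untrusted
/// and encoded before it is rendered. Only the column addressed by the "FIRSTANDLASTNAME" unique name
/// is handled here; every other column's header text is left untouched by this handler.
/// </remarks>
/// <param name="sender">The object raising the event; not used.</param>
/// <param name="e">Event data; <c>e.Item</c> is the grid item that was just created.</param>
protected void MPViewGridContact_ItemCreated(object sender, GridItemEventArgs e)
{
    // Only the header item carries the column captions; every other item type is ignored.
    var headerItem = e.Item as GridHeaderItem;
    if (headerItem == null)
    {
        return;
    }

    // Guard the index: an empty header cell would otherwise throw on Controls[0].
    var headerControls = headerItem["FIRSTANDLASTNAME"].Controls;
    if (headerControls.Count == 0)
    {
        return;
    }

    // The 'as' cast yields null when the first control is not a LinkButton; the original
    // dereferenced it unchecked.
    // NOTE(review): in that case the caption is left unencoded here. Presumably this happens when the
    // header is not rendered as a sort link; confirm and encode that path as well.
    var button = headerControls[0] as LinkButton;
    if (button == null)
    {
        return;
    }

    button.Text = AntiXSSEncoder.HtmlEncode(button.Text);
}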
HeaderText="[FIRSTANDLASTNAME]" SortExpression="FIRSTANDLASTNAME" UniqueName="FIRSTANDLASTNAME"
GroupByExpression="FIRSTANDLASTNAME GROUP BY FIRSTANDLASTNAME">
<ItemTemplate>
<asp:LinkButton ID="lnkFIRSTANDLASTNAME" runat="server" Text='<%# AntiXSSEncoder.HtmlEncode(this.GetDataFromContainer(Container.DataItem, "FIRSTANDLASTNAME")) %>'
OnCommand="ContactSelected_Command" />
</ItemTemplate>
</telerik:GridTemplateColumn>
The value I assign to "[FIRSTANDLASTNAME]" is a dynamic value loaded from the database based on the language. I want it to be encoded so that it is not open to XSS attacks.
/// The fix below works, but I have tens of columns in different pages. Is there a way to encode the header values without encoding them one by one via UniqueName?
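/// <summary>
/// HTML-encodes the header link text of the FIRSTANDLASTNAME column when the grid creates its header item.
/// </summary>
/// <remarks>
/// The caption comes from the database (per the author's description), so it is treated as untrusted
/// and encoded before it is rendered. Only the column addressed by the "FIRSTANDLASTNAME" unique name
/// is handled here; every other column's header text is left untouched by this handler.
/// </remarks>
/// <param name="sender">The object raising the event; not used.</param>
/// <param name="e">Event data; <c>e.Item</c> is the grid item that was just created.</param>
protected void MPViewGridContact_ItemCreated(object sender, GridItemEventArgs e)
{
    // Only the header item carries the column captions; every other item type is ignored.
    var headerItem = e.Item as GridHeaderItem;
    if (headerItem == null)
    {
        return;
    }

    // Guard the index: an empty header cell would otherwise throw on Controls[0].
    var headerControls = headerItem["FIRSTANDLASTNAME"].Controls;
    if (headerControls.Count == 0)
    {
        return;
    }

    // The 'as' cast yields null when the first control is not a LinkButton; the original
    // dereferenced it unchecked.
    // NOTE(review): in that case the caption is left unencoded here. Presumably this happens when the
    // header is not rendered as a sort link; confirm and encode that path as well.
    var button = headerControls[0] as LinkButton;
    if (button == null)
    {
        return;
    }

    button.Text = AntiXSSEncoder.HtmlEncode(button.Text);
}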