Hi,
What is the deal with html encoding in RadDropDownList?
Can't make it work correctly...
I suppose that we should html encode the text property of the items?
But even if doing so, there will problems when selecting items...
See the following sample:
Code behind:
When selecting item 2 in the dropdown the alert will display (hello2) and the text in the dropdown will be empty.
Is there any workaround for this?
Regards
Andreas
What is the deal with html encoding in RadDropDownList?
Can't make it work correctly...
I suppose that we should html encode the text property of the items?
But even if doing so, there will problems when selecting items...
See the following sample:
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="dropdownlist.aspx.vb" Inherits="TestaTredjepartWeb.dropdownlist" %><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head runat="server"> <title></title></head><body> <form id="form1" runat="server"> <asp:ScriptManager ID="s" runat="server"> </asp:ScriptManager> <div> <telerik:RadDropDownList ID="ddl" runat="server"> </telerik:RadDropDownList> </div> </form></body></html>Code behind:
Public Class dropdownlist Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load ddl.Items.Add(New Telerik.Web.UI.DropDownListItem(HttpUtility.HtmlEncode("<script>alert('hello1');</script>"), "1")) ddl.Items.Add(New Telerik.Web.UI.DropDownListItem(HttpUtility.HtmlEncode("<script>alert('hello2');</script>"), "2")) End SubEnd ClassWhen selecting item 2 in the dropdown the alert will display (hello2) and the text in the dropdown will be empty.
Is there any workaround for this?
Regards
Andreas
9 Answers, 1 is accepted
0
Hello Andreas,
The experienced behavior is caused by a bug with the RadDropDownList, where the text content is evaluated once set in the "input " part of the control. The issue is already log for fixing, as a token of gratitude for this bug report your Telerik points are updated. As a temporary solution until the issue is fixed you could place the following script on the page where the RadDropDownList resides:
Regards,
Dimitar Terziev
Telerik
The experienced behavior is caused by a bug with the RadDropDownList, where the text content is evaluated once set in the "input " part of the control. The issue is already log for fixing, as a token of gratitude for this bug report your Telerik points are updated. As a temporary solution until the issue is fixed you could place the following script on the page where the RadDropDownList resides:
Telerik.Web.UI.RadDropDownList.prototype._updateTextElement = function(value) { var $element = $telerik.$(this.get_textElement()); if (value) { $element.text(value); $element.removeClass("rddlDefaultMessage"); } else { $element.html(this.get_defaultMessage()); $element.addClass("rddlDefaultMessage"); } this.get_element().value = value; }Regards,
Dimitar Terziev
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
Andreas
Top achievements
Rank 1
Rank 1
answered on 31 Oct 2013, 09:16 PM
Well, it almost works...
If setting the dropdown to autopostback and selecting the same item that was already selected, the text gets encoded twice.
Sample:
In this sample, when clicking the first item (that is already selected), the text gets encoded twice!
Any workaround for this also?
Regards
Andreas
If setting the dropdown to autopostback and selecting the same item that was already selected, the text gets encoded twice.
Sample:
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="dropdownlist.aspx.vb" Inherits="TestaTredjepartWeb.dropdownlist" %><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head runat="server"> <title></title></head><body> <form id="form1" runat="server"> <asp:ScriptManager ID="s" runat="server"> </asp:ScriptManager> <div> <telerik:RadDropDownList ID="ddl" runat="server" AutoPostBack="true"> </telerik:RadDropDownList> </div> <script type="text/javascript"> Telerik.Web.UI.RadDropDownList.prototype._updateTextElement = function (value) { var $element = $telerik.$(this.get_textElement()); if (value) { $element.text(value); $element.removeClass("rddlDefaultMessage"); } else { $element.html(this.get_defaultMessage()); $element.addClass("rddlDefaultMessage"); } this.get_element().value = value; } </script> </form></body></html>Public Class dropdownlist Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load If Not Me.IsPostBack Then ddl.Items.Add(New Telerik.Web.UI.DropDownListItem(HttpUtility.HtmlEncode("<script>alert('hello1');</script>"), "1")) ddl.Items.Add(New Telerik.Web.UI.DropDownListItem(HttpUtility.HtmlEncode("<script>alert('hello2');</script>"), "2")) End If End SubEnd ClassIn this sample, when clicking the first item (that is already selected), the text gets encoded twice!
Any workaround for this also?
Regards
Andreas
0
Hi Andreas,
The official fix shall be included in the upcoming service pack.
Regards,
Dimitar Terziev
Telerik
The official fix shall be included in the upcoming service pack.
Regards,
Dimitar Terziev
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
ksuh
Top achievements
Rank 1
Veteran
Rank 1
Veteran
answered on 16 Nov 2013, 12:12 AM
This still doesn't work properly. This is using the latest service pack.
Make a dropdownlist with an item whose text has html tags in it. The html will be rendered and not escaped. This is rather problematic for obvious reasons.
Make a dropdownlist with an item whose text has html tags in it. The html will be rendered and not escaped. This is rather problematic for obvious reasons.
0
Hello,
By default the text of the DropDownItems is not encoded and this should be done manually. The fix included in the service pack addresses the issue that even encoded, the text content is evaluated when set to the "input".
@Andreas
The problem with the double encoding was not yet fixed, since the fix could introduce a breaking change. I shall try to provide an override which addresses this problem.
Regards,
Dimitar Terziev
Telerik
By default the text of the DropDownItems is not encoded and this should be done manually. The fix included in the service pack addresses the issue that even encoded, the text content is evaluated when set to the "input".
@Andreas
The problem with the double encoding was not yet fixed, since the fix could introduce a breaking change. I shall try to provide an override which addresses this problem.
Regards,
Dimitar Terziev
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
ksuh
Top achievements
Rank 1
Veteran
Rank 1
Veteran
answered on 19 Nov 2013, 05:49 PM
Doesn't matter if it's encoded - the html is rendered.
<telerik:RadDropDownList AutoPostBack="true" runat="server"> <Items> <telerik:DropDownListItem Text="1" /> <telerik:DropDownListItem Text="2" /> <telerik:DropDownListItem Text="3" /> <telerik:DropDownListItem Text="4" /> <telerik:DropDownListItem Text="<b>test</b>" Selected="true" /> </Items></telerik:RadDropDownList>0
Hi,
Attached is a sample page showing how to overcome the problem with the text encoding as well as the problem with the double encoding when the already selected item is selected again.
Regards,
Dimitar Terziev
Telerik
Attached is a sample page showing how to overcome the problem with the text encoding as well as the problem with the double encoding when the already selected item is selected again.
Regards,
Dimitar Terziev
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
Andreas
Top achievements
Rank 1
Rank 1
answered on 25 Nov 2013, 07:31 AM
Hi,
Your example is working, but not my example...
It seems like the "<"-char is working, but in my case we also have "'"-char and that still gets encoded twice (becomes ')...
Also problem with other more normal chars when using other than english, swedish ö gets encoded twice for example (becomes ö), this was actually our real problem that our end-users are experiencing!!!
Regards
Andreas
Your example is working, but not my example...
It seems like the "<"-char is working, but in my case we also have "'"-char and that still gets encoded twice (becomes ')...
Also problem with other more normal chars when using other than english, swedish ö gets encoded twice for example (becomes ö), this was actually our real problem that our end-users are experiencing!!!
Regards
Andreas
0
Hi Andreas,
In order to help you resolve the experienced issue, please open a support ticket and provide a sample project so we could inspect it locally.
Regards,
Dimitar Terziev
Telerik
In order to help you resolve the experienced issue, please open a support ticket and provide a sample project so we could inspect it locally.
Regards,
Dimitar Terziev
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.