Hi, Is there any way to configure a GridHyperLinkColumn to HtmlEncode the contents of the DataTextField? Unlike the GridBoundColumn, it doesn't appear to have an HtmlEncode property. What's more, because HyperLink columns don't support databinding, I can't add encoding that way either. The only option I can see is to change the column type to a template column but I'd rather avoid that if possible.
5 Answers, 1 is accepted
0
Hello Ian,
The HtmlEncode property is available only for GridBoundColumn and the columns that inherit it. This means that a GridTemplateColumn does not expose that property too. And I believe that using html encoding on a GridHyperlinkColumn would not make sense if the column would not provide a working hyperlink. So, my recommendation is that you use a regular GridBoundColumn for that purpose.
Best wishes,
Tsvetina
the Telerik team
The HtmlEncode property is available only for GridBoundColumn and the columns that inherit it. This means that a GridTemplateColumn does not expose that property too. And I believe that using html encoding on a GridHyperlinkColumn would not make sense if the column would not provide a working hyperlink. So, my recommendation is that you use a regular GridBoundColumn for that purpose.
Best wishes,
Tsvetina
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
0
Ian
Top achievements
Rank 1
Rank 1
answered on 25 Aug 2010, 11:43 AM
Tsvetina,
Hi. Thanks for the reply. I agree that using an encoded value to form the Text property of hyperlink wouldn't normally make much sense. However, in this case the value is derived from a database column that could potentially include untrusted data and the customer doesn't want a malicious script ending up on the page. I can't change the database and I want to avoid having to read the database rows into an intermediate object and encoding the column using a property setter. So what I've done is to change the grid column type to a GridTemplateColumn and then encoded the value using:
Text='<%# Server.HtmlEncode((string)Eval("ColumnName")) %>'
Regards, Ian
Hi. Thanks for the reply. I agree that using an encoded value to form the Text property of hyperlink wouldn't normally make much sense. However, in this case the value is derived from a database column that could potentially include untrusted data and the customer doesn't want a malicious script ending up on the page. I can't change the database and I want to avoid having to read the database rows into an intermediate object and encoding the column using a property setter. So what I've done is to change the grid column type to a GridTemplateColumn and then encoded the value using:
Text='<%# Server.HtmlEncode((string)Eval("ColumnName")) %>'
Regards, Ian
0
Accepted
Hello Ian,
I understand your concerns but in the current implementation of RadGrid the options are either use a GridBoundColumn-derived columns with HtmlEncode property set, or your approach- a GridTemplateColumn using the .NET HtmlEncode() method.
Sincerely yours,
Tsvetina
the Telerik team
I understand your concerns but in the current implementation of RadGrid the options are either use a GridBoundColumn-derived columns with HtmlEncode property set, or your approach- a GridTemplateColumn using the .NET HtmlEncode() method.
Sincerely yours,
Tsvetina
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
0
Gopinath
Top achievements
Rank 1
Rank 1
answered on 27 Nov 2010, 09:04 PM
Hi,
Do you have a list of HtmlEncode supported controls and properties, so we can include them in MS Anit-XSS module config file?
Like u mention that only gridboundcolumns are supported, we need a list of controls and its sub-controls that are supported.
Thanks,
Gopi
Do you have a list of HtmlEncode supported controls and properties, so we can include them in MS Anit-XSS module config file?
Like u mention that only gridboundcolumns are supported, we need a list of controls and its sub-controls that are supported.
Thanks,
Gopi
0
Hi Gopinath,
The RadControls which use the HtmlEncode property are RadGrid and RadTreeList, more specifically - all their columns that are inherited from GridBoundColumn\TreeListBoundColumn.
Regards,
Tsvetina
the Telerik team
The RadControls which use the HtmlEncode property are RadGrid and RadTreeList, more specifically - all their columns that are inherited from GridBoundColumn\TreeListBoundColumn.
Regards,
Tsvetina
the Telerik team
Browse the vast support resources we have to jumpstart your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.