Hi,
I am working on script injection in my project. Suppose a user enters some script in a comment box which is free text (<script type="text/javascript">alert('Hi')</script>).
I used the Server.HTMLEncode/HTMLDecode methods to save to the DB and show in a text box, respectively. But when I show it in a RadGrid with an item template and a Label control, it shows the alert instead of the text. It's working fine with a simple textbox control, but perhaps there is an issue with controls inside the grid. One more thing: I don't want to use ValidateRequest = false anyhow, as it may restrict saving such text.
This is the sample code I am using for the Grid. I also tried binding the Label in code-behind with the ItemDataBound event of the grid.
<ItemTemplate>
    <asp:Label ID="lblComments" runat="server" Text='<%#Server.HtmlDecode(Eval("Comments").ToString())%>' />
</ItemTemplate>
Any suggestions? Is there any property/method of the Grid to resolve this issue?
Thanks in advance.
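
Added example, not part of the original post: a console model of why the decoded comment runs in a Label but not in a TextBox, and of a Label binding that encodes once at output. RenderLabel, RenderTextBox, ForLabel and EmitsScriptTag are hypothetical helpers that approximate what the WebForms controls emit, and the inputs are constructed from the comment quoted in the post.

```csharp
// Added example: models how the two WebForms controls emit their Text.
// Helper names are hypothetical; this is not Telerik or ASP.NET source code.
using System;
using System.Net;

static class GridEncodingDemo
{
    // Model of Label: Text is written into the page as-is, inside a <span>.
    static string RenderLabel(string text) => "<span>" + text + "</span>";

    // Model of TextBox: Text is encoded into the value attribute on render.
    static string RenderTextBox(string text) =>
        "<input type=\"text\" value=\"" + WebUtility.HtmlEncode(text) + "\" />";

    // Decode first, then encode, so rows stored encoded and rows stored raw
    // both reach the Label encoded exactly once.
    static string ForLabel(string stored) =>
        WebUtility.HtmlEncode(WebUtility.HtmlDecode(stored));

    // Crude check for this demo only: did a live <script> tag reach the output?
    static bool EmitsScriptTag(string html) =>
        html.IndexOf("<script", StringComparison.OrdinalIgnoreCase) >= 0;

    static void Show(string name, string html) =>
        Console.WriteLine("{0,-9} script tag: {1,-5} {2}", name, EmitsScriptTag(html), html);

    static void Main()
    {
        // Constructed input: the comment from the post, saved HTML-encoded.
        string raw = "<script type=\"text/javascript\">alert('Hi')</script>";
        string stored = WebUtility.HtmlEncode(raw);

        // The binding from the post: decode, then hand the result to a Label.
        Show("as posted", RenderLabel(WebUtility.HtmlDecode(stored)));
        // Same decode into a TextBox: the control re-encodes on render.
        Show("textbox", RenderTextBox(WebUtility.HtmlDecode(stored)));
        // Hardened Label binding: encoded once at output time.
        Show("hardened", RenderLabel(ForLabel(stored)));
        // A legacy row that was saved without encoding takes the same path.
        Show("legacy", RenderLabel(ForLabel(raw)));
    }
}
```

In the grid's ItemTemplate the same rule is Text='<%# Server.HtmlEncode(Server.HtmlDecode(Eval("Comments").ToString())) %>'; if every row is known to be stored encoded, binding Eval("Comments") without HtmlDecode has the same effect.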