I cannot get the HTMLEncode method to work when using it on a transformation.
I have this line of code:
<div class="ArticleHeader blue"><p style="padding-bottom:5px;"><%# HTMLEncode((string)Eval("NewsTitle",true)) %></p></div>
So anything in the field NewsTitle with HTML, e.g. <sup>®</sup>, should be encoded and displayed correctly without seeing the tags. It correctly converts the ® into ®, but the HTML tags are still displaying and have not been translated.
Any help is much appreciated.
Eval("NewsTitle",true) already encodes; replace <%# HTMLEncode((string)Eval("NewsTitle",true)) %> with <%# HTMLEncode((string)Eval("NewsTitle")) %>
or just <%# Eval("NewsTitle",true) %> :)
That's exactly what I had originally (this is what the transformation has by default) and it didn't work, which is why I thought I needed the encode method around it.
So would you think this may be a bug?
If they are entering HTML in a textbox/area and you want to render it as HTML, then simply use Eval("NewsTitle") as long as you trust the user will enter non-rogue HTML. When you encode it, you're telling it to essentially remove the HTML and add back friendly HTML characters that won't render the actual HTML. For instance <br> will render <br> which will not give you what you want. If you are concerned about XSS then use a library like Microsoft AntiXSS. This will give you a method to get back safe HTML fragments, very helpful.
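The three behaviours discussed in this thread (one encoding pass, two passes, and rendering only trusted markup), as an added example that is not part of the original posts and is not Kentico or AntiXSS code. It assumes System.Net.WebUtility.HtmlEncode as a stand-in for the transformation's encoder, and it swaps in a small hand-written allow-list in place of a sanitizer library; the class name, method names, tag list and sample title are hypothetical.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class TitleEncodingDemo
{
    // Hypothetical allow-list: exact, attribute-less formatting tags only.
    // It matches the *encoded* form, so it can only ever restore these tags.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(sup|sub|b|i|em|strong)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // One pass: any markup stored in the field is displayed as literal text.
    public static string EncodeOnce(string value)
    {
        return WebUtility.HtmlEncode(value ?? string.Empty);
    }

    // Two passes: the result of wrapping an already-encoding call in a
    // second encoder. The browser then shows the entities themselves.
    public static string EncodeTwice(string value)
    {
        return WebUtility.HtmlEncode(EncodeOnce(value));
    }

    // Encode everything first, then turn back only the allow-listed tags.
    // Tags with attributes, and every other element, stay encoded.
    public static string EncodeWithAllowList(string value)
    {
        return AllowedTag.Replace(
            EncodeOnce(value),
            m => "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }

    public static void Main()
    {
        // Constructed sample title: a trusted-looking <sup> plus markup
        // that must never reach the page unencoded.
        string title = "Acme<sup>\u00AE</sup> launch <script>alert(1)</script>";

        Console.WriteLine("raw:        " + title);
        Console.WriteLine("once:       " + EncodeOnce(title));
        Console.WriteLine("twice:      " + EncodeTwice(title));
        Console.WriteLine("allow-list: " + EncodeWithAllowList(title));
    }
}
```

The allow-list pass does not check that restored tags are balanced, so an unclosed <sup> can still affect layout even though no script or attribute can get through.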