What's wrong with ASP.NET? HTML encoding

Amazing, and undocumented

Anthony Berglas — Tue, 29 Sep 2009 08:21:41 GMT

I just thought I had better check, and was also shocked that label does not encode. And none of the examples mention it. And this is 2009!

Inconsistent is even worse than none. Thanks for the table.

I think we need the PHP hack -- never accept odd characters in input, and hope all input comes through such a filter. PHP abandoned that some years ago for good reason.

I hope LINQ does a better job of SQL injection attacks.

re: What's wrong with ASP.NET? HTML encoding

Shocked — Mon, 13 Jul 2009 07:29:14 GMT

I'm shocked the Label control doesn't encode.

re: What's wrong with ASP.NET? HTML encoding

Sacha — Wed, 03 Sep 2008 00:16:04 GMT

You might want to review my post about ASP.NET encoding.

blogs.msdn.com/.../which-asp-net-controls-automatically-encodes.aspx

Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Fri, 21 Mar 2008 21:21:55 GMT

Pingback from Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Scott Hanselman's Computer Zen — Fri, 21 Mar 2008 21:21:53 GMT

Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Fri, 21 Mar 2008 21:20:54 GMT

Pingback from Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Scott Hanselman's Computer Zen — Fri, 21 Mar 2008 21:20:51 GMT

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

ASPInsiders — Fri, 21 Mar 2008 20:36:28 GMT

And so, Dear Reader, I present to you twenty-first in a infinite number of posts of " The Weekly

Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Fri, 21 Mar 2008 20:28:46 GMT

Pingback from Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Scott Hanselman's Computer Zen — Fri, 21 Mar 2008 20:28:43 GMT

Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Fri, 21 Mar 2008 20:26:37 GMT

Pingback from Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Scott Hanselman's Computer Zen — Fri, 21 Mar 2008 20:26:34 GMT

Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Fri, 21 Mar 2008 20:14:54 GMT

Pingback from Scott Hanselman's Computer Zen - The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

The Weekly Source Code 21 - ASP.NET MVC Preview 2 Source Code

Scott Hanselman's Computer Zen — Fri, 21 Mar 2008 20:14:52 GMT

re: What's wrong with ASP.NET? HTML encoding

calinoiu — Sun, 09 Dec 2007 13:16:47 GMT

Thanks for the heads-up about the single-line text box encoding. Given that the double-encoding example in the "Workarounds" section depends on attribute-encoding in a single-line textbox, I must have been completely asleep at the wheel when I populated that line of the table. It's fixed now...

re: What's wrong with ASP.NET? HTML encoding

Sachin — Mon, 09 Jul 2007 18:56:59 GMT

Errata : (for ASP.NET 2.0)

single-line TextBox value is attribute encoded.

multi-line TextBox value is html encoded.

re: What's wrong with ASP.NET? HTML encoding

Nick — Mon, 02 Jul 2007 16:29:59 GMT

I'm running into the same problem with a script I'm designing. This is very agrivating and I hope they do fix this is 3.0.