Export (0) Print
Expand All
2 out of 6 rated this helpful - Rate this topic

BoundField.HtmlEncode Property

Note: This property is new in the .NET Framework version 2.0.

Gets or sets a value indicating whether field values are HTML-encoded before they are displayed in a BoundField object.

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in system.web.dll)

'Declaration
Public Overridable Property HtmlEncode As Boolean
'Usage
Dim instance As BoundField
Dim value As Boolean

value = instance.HtmlEncode

instance.HtmlEncode = value
/** @property */
public boolean get_HtmlEncode ()

/** @property */
public void set_HtmlEncode (boolean value)

public function get HtmlEncode () : boolean

public function set HtmlEncode (value : boolean)

Property Value

true if field values are HTML-encoded before they are displayed in a BoundField object; otherwise, false. The default is true.

Use the HtmlEncode property to specify whether field values are HTML-encoded to their respective string representations before they are displayed in a BoundField object.

NoteNote

HTML-encoding field values helps to prevent cross-site scripting attacks and malicious content from being displayed. This property should be enabled whenever possible.

The following code example demonstrates how to use the HtmlEncode property to prevent field values from being HTML-encoded before being displayed in a BoundField object.


<%@ Page language="C#" %>

<html>
  <body>
    <form runat="server">
        
      <h3>BoundField Example</h3>

      <asp:gridview id="CustomersGridView" 
        datasourceid="CustomersSqlDataSource" 
        autogeneratecolumns="false"
        allowpaging="true" 
        runat="server">
         
        <columns>
          <asp:boundfield datafield="CustomerID"
            readonly="true"      
            headertext="Customer ID"/>
          <asp:boundfield datafield="CompanyName"
            htmlencode="false"
            headertext="Customer Name"/>
          <asp:boundfield datafield="Address"
            htmlencode="false"
            headertext="Address"/>
          <asp:boundfield datafield="City"
            htmlencode="false"
            headertext="City"/>
          <asp:boundfield datafield="PostalCode"
            htmlencode="false"
            headertext="ZIP Code"/>
          <asp:boundfield datafield="Country"
            htmlencode="false"
            headertext="Country"/>
        </columns>
                
      </asp:gridview>
            
      <!-- This example uses Microsoft SQL Server and connects  -->
      <!-- to the Northwind sample database. Use an ASP.NET     -->
      <!-- expression to retrieve the connection string value   -->
      <!-- from the Web.config file.                            -->
      <asp:sqldatasource id="CustomersSqlDataSource"  
        selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
        connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
        runat="server">
      </asp:sqldatasource>
            
    </form>
  </body>
</html>


Windows 98, Windows 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.