This page is specific to Microsoft Visual Studio 2008/.NET Framework 3.5.

.NET Framework Class Library
BoundField.HtmlEncode Property

Gets or sets a value indicating whether field values are HTML-encoded before they are displayed in a BoundField object.

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)
Visual Basic (Declaration)
Public Overridable Property HtmlEncode As Boolean
Visual Basic (Usage)
Dim instance As BoundField
Dim value As Boolean

value = instance.HtmlEncode

instance.HtmlEncode = value
C#
public virtual bool HtmlEncode { get; set; }
Visual C++
public:
virtual property bool HtmlEncode {
    bool get ();
    void set (bool value);
}
JScript
public function get HtmlEncode () : boolean
public function set HtmlEncode (value : boolean)

Property Value

Type: System.Boolean
true if field values are HTML-encoded before they are displayed in a BoundField object; otherwise, false. The default is true.

Use the HtmlEncode property to specify whether field values are HTML-encoded to their respective string representations before they are displayed in a BoundField object.

Note:

HTML-encoding field values helps to prevent cross-site scripting attacks and malicious content from being displayed. This property should be enabled whenever possible.

The following code example demonstrates how to use the HtmlEncode property to prevent field values from being HTML-encoded before being displayed in a BoundField object.

Visual Basic
<%@ Page language="VB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
    <title>BoundField Example</title>
  </head>
  <body>
    <form id="form1" runat="server">

      <h3>BoundField Example</h3>

      <asp:gridview id="CustomersGridView" 
        datasourceid="CustomersSqlDataSource" 
        autogeneratecolumns="false"
        allowpaging="true" 
        runat="server">

        <columns>
          <asp:boundfield datafield="CustomerID"
            readonly="true"      
            headertext="Customer ID"/>
          <asp:boundfield datafield="CompanyName"
            htmlencode="false"
            headertext="Customer Name"/>
          <asp:boundfield datafield="Address"
            htmlencode="false"
            headertext="Address"/>
          <asp:boundfield datafield="City"
            htmlencode="false"
            headertext="City"/>
          <asp:boundfield datafield="PostalCode"
            htmlencode="false"
            headertext="ZIP Code"/>
          <asp:boundfield datafield="Country"
            htmlencode="false"
            headertext="Country"/>
        </columns>

      </asp:gridview>

      <!-- This example uses Microsoft SQL Server and connects  -->
      <!-- to the Northwind sample database. Use an ASP.NET     -->
      <!-- expression to retrieve the connection string value   -->
      <!-- from the Web.config file.                            -->
      <asp:sqldatasource id="CustomersSqlDataSource"  
        selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
        connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
        runat="server">
      </asp:sqldatasource>

    </form>
  </body>
</html>

C#
<%@ Page language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
    <title>BoundField Example</title>
  </head>
  <body>
    <form id="form1" runat="server">

      <h3>BoundField Example</h3>

      <asp:gridview id="CustomersGridView" 
        datasourceid="CustomersSqlDataSource" 
        autogeneratecolumns="false"
        allowpaging="true" 
        runat="server">

        <columns>
          <asp:boundfield datafield="CustomerID"
            readonly="true"      
            headertext="Customer ID"/>
          <asp:boundfield datafield="CompanyName"
            htmlencode="false"
            headertext="Customer Name"/>
          <asp:boundfield datafield="Address"
            htmlencode="false"
            headertext="Address"/>
          <asp:boundfield datafield="City"
            htmlencode="false"
            headertext="City"/>
          <asp:boundfield datafield="PostalCode"
            htmlencode="false"
            headertext="ZIP Code"/>
          <asp:boundfield datafield="Country"
            htmlencode="false"
            headertext="Country"/>
        </columns>

      </asp:gridview>

      <!-- This example uses Microsoft SQL Server and connects  -->
      <!-- to the Northwind sample database. Use an ASP.NET     -->
      <!-- expression to retrieve the connection string value   -->
      <!-- from the Web.config file.                            -->
      <asp:sqldatasource id="CustomersSqlDataSource"  
        selectcommand="Select [CustomerID], [CompanyName], [Address], [City], [PostalCode], [Country] From [Customers]"
        connectionstring="<%$ ConnectionStrings:NorthWindConnectionString%>"
        runat="server">
      </asp:sqldatasource>

    </form>
  </body>
</html>
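
An added example, not part of the original MSDN sample: a C# helper that finds BoundField columns with HtmlEncode switched off, as in the markup above, and turns encoding back on except for an explicit allow list. The class BoundFieldEncodingAudit, its method names, and the sample value are assumptions made for illustration; the code needs a reference to System.Web.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI.WebControls;

// Hypothetical helper for illustration; not part of the .NET Framework.
public static class BoundFieldEncodingAudit
{
    // CheckBoxField derives from BoundField but does not support HtmlEncode
    // (its setter throws NotSupportedException), so it is skipped.
    static BoundField AsTextField(DataControlField column)
    {
        return (column is CheckBoxField) ? null : column as BoundField;
    }

    // DataField names of bound columns that would render raw, unencoded values.
    public static List<string> FindUnencoded(GridView grid)
    {
        List<string> found = new List<string>();
        foreach (DataControlField column in grid.Columns)
        {
            BoundField bound = AsTextField(column);
            if (bound != null && !bound.HtmlEncode) found.Add(bound.DataField);
        }
        return found;
    }

    // Turns encoding back on except for fields explicitly trusted to hold markup.
    public static void Enforce(GridView grid, ICollection<string> trustedMarkupFields)
    {
        foreach (DataControlField column in grid.Columns)
        {
            BoundField bound = AsTextField(column);
            if (bound != null && !trustedMarkupFields.Contains(bound.DataField))
                bound.HtmlEncode = true;
        }
    }

    public static void Main()
    {
        GridView grid = new GridView();   // two of the sample's columns, built in code
        grid.Columns.Add(new BoundField { DataField = "CustomerID", ReadOnly = true });
        grid.Columns.Add(new BoundField { DataField = "CompanyName", HtmlEncode = false });
        Console.WriteLine("Unencoded before: " + string.Join(", ", FindUnencoded(grid).ToArray()));
        Enforce(grid, new List<string>());   // no field is trusted to contain markup
        Console.WriteLine("Unencoded after: " + FindUnencoded(grid).Count);
        // Constructed sample value: the text an encoded cell carries instead of live markup.
        Console.WriteLine(HttpUtility.HtmlEncode("<script>alert(1)</script>"));
    }
}
```

In a page, run the check before the grid is data-bound so that the setting applies to the rows that are rendered.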

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0
Community Content

Sample does nothing useful. (ricka0)
The Sample does nothing useful. Please provide a sample where you would want to use HTML encoding - and where you would want to disable it - and why. If they both produce the same output, why would you bother to disable it and open yourself to XSS?
© 2009 Microsoft Corporation. All rights reserved.