Text Property
.NET Framework Class Library
Label..::.Text Property

Gets or sets the text content of the Label control.

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)
 Syntax
Visual Basic (Declaration) 
<PersistenceModeAttribute(PersistenceMode.InnerDefaultProperty)> _
<BindableAttribute(True)> _
Public Overridable Property Text As String
Visual Basic (Usage) 
Dim instance As Label
Dim value As String

value = instance.Text

instance.Text = value
C# 
[PersistenceModeAttribute(PersistenceMode.InnerDefaultProperty)]
[BindableAttribute(true)]
public virtual string Text { get; set; }
Visual C++ 
[PersistenceModeAttribute(PersistenceMode::InnerDefaultProperty)]
[BindableAttribute(true)]
public:
virtual property String^ Text {
    String^ get ();
    void set (String^ value);
}
JScript 
public function get Text () : String
public function set Text (value : String)
ASP.NET 
<asp:Label Text="String" />

Property Value

Type: System..::.String
The text content of the control. The default value is String..::.Empty.

Implements

ITextControl..::.Text
 Remarks

Use the Text property to specify or determine the text content of the Label control. This property is commonly used to programmatically customize the text that is displayed in the Label control. The Text property can include HTML.

NoteNote:

Setting the Text property will clear any other controls contained in the Label control.

Security noteSecurity Note:

This control can be used to display user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

The value of this property, when set, can be saved automatically to a resource file by using a designer tool. For more information, see LocalizableAttribute and ASP.NET Globalization and Localization.

This property is the default property that a ControlParameter object binds to at run time. For more information, see ControlValuePropertyAttribute, ControlParameter, and Using Parameters with Data Source Controls.

TopicLocation
How to: Add Label Web Server Controls to a Web Forms PageBuilding ASP .NET Web Applications
How to: Add Label Web Server Controls to a Web Forms PageBuilding ASP .NET Web Applications
How to: Add Label Web Server Controls to a Web Forms PageBuilding ASP .NET Web Applications in Visual Studio
How to: Add Label Web Server Controls to a Web Forms PageBuilding ASP .NET Web Applications in Visual Studio
How to: Add Label Web Server Controls to a Web Forms Page (Visual Studio)Building ASP .NET Web Applications in Visual Studio
Walkthrough: Creating a Basic Control Designer for a Web Server ControlAuthoring ASP.NET Controls
Walkthrough: Creating a Basic Control Designer for a Web Server ControlAuthoring ASP.NET Controls
Walkthrough: Creating a Basic Control Designer for a Web Server ControlBuilding ASP .NET Web Applications in Visual Studio
Walkthrough: Creating a Basic Control Designer for a Web Server ControlBuilding ASP .NET Web Applications in Visual Studio
 Examples

The following example demonstrates how to create a new instance of the Label control and set its Text property.

NoteNote:

The following code sample uses the single-file code model and may not work correctly if copied directly into a code-behind file. This code sample must be copied into an empty text file that has an .aspx extension. For more information on the Web Forms code model, see ASP.NET Web Page Code Model.

Visual Basic 
<%@ Page Language="VB" AutoEventWireup="True" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html  >
 <head>
    <title>Label Example</title>
<script language="VB" runat="server">
         Sub Button1_Click(Sender As Object, e As EventArgs)
            Dim l2 As New Label()
            l2.Text = "This is a new Label"
            l2.BorderStyle = BorderStyle.Solid
            Page.Controls.Add(l2)
         End Sub
     </script>

 </head>
 <body>
     <h3>Label Example</h3>
     <form id="form1" runat="server">

         <asp:Button id="Button1" Text="Create and Show a Label" 
         OnClick="Button1_Click" Runat="server"/>

     </form>
 </body>
 </html>
C# 
<%@ Page Language="C#" AutoEventWireup="True" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html  >
 <head>
    <title>Label Example</title>
<script language="C#" runat="server">
         void Button1_Click(Object Sender, EventArgs e) {
            Label l2 = new Label();
            l2.Text = "This is a new Label";
            l2.BorderStyle = BorderStyle.Solid;    
            Page.Controls.Add(l2);
         }
     </script>

 </head>
 <body>
     <h3>Label Example</h3>
     <form id="form1" runat="server">

         <asp:Button id="Button1" Text="Create and Show a Label" 
         OnClick="Button1_Click" Runat="server"/>

     </form>
 </body>
 </html>
JScript 
<%@ Page Language="JScript" AutoEventWireup="True" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html  >
 <head>
    <title>Label Example</title>
<script language="JScript" runat="server">
         function Button1_Click(Sender : Object, e : EventArgs) {
            var l2 : Label = new Label();
            l2.Text = "This is a new Label";
            l2.BorderStyle = BorderStyle.Solid;    
            Page.Controls.Add(l2);
         }
     </script>

 </head>
 <body>
     <h3>Label Example</h3>
     <form id="form1" runat="server">

         <asp:Button id="Button1" Text="Create and Show a Label" 
         OnClick="Button1_Click" Runat="server"/>

     </form>
 </body>
 </html>
 Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
 Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0
 See Also

Reference

Label Class
Label Members
System.Web.UI.WebControls Namespace

Other Resources

Label Web Server Control Overview
Securing Standard Controls
How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings
Validating User Input in ASP.NET Web Pages
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Security issues not clear in documentation      Shadow Chaser ... Stanley Roark   |   Edit   |   Show History

The documentation for this control is not clear and could lead to security problems

It states "This control can be used to display user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements."

It's not completely clear what it's talking about - but the "Label" control does NOT "html encode" the contents of the label property. ASP.net validation ONLY prevents potentially input, not display. Make sure you always encode the contents of this control.

Unfortunately, nothing in the documentation clearly states that the contents of this control will not be encoded. It states that "The text property can contain HTML" but it never states whether the HTML is encoded or passed through


<asp:Label ID="Test" runat="server" Text="<script>alert('If this is user-created content, your site\'s been hacked')</script>"/>

Flag as ContentBug
Page view tracker