Solved

Add <br/> from code behind in .net

Posted on 2012-03-26
20
1,134 Views
Last Modified: 2012-03-27
I have two string in .net


string firststring =" my first value"

string secondstring = "my second value";

I want to but <br> in between two string from code behind in .net.

If I am trying to put like this way firststring +"<br/>" + secondstring;

.net giving me potenntially dengerus request.

Please guide me to use another way to add <br/>
0
Comment
Question by:itinfo7
20 Comments
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37769388
firststring + Environment.NewLine() + secondstring
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37769392
http://www.dotnetperls.com/newline

Also, as stated on the site, \r\n  could work.

That's Environment.NewLine without the parenthesis.
0
 

Author Comment

by:itinfo7
ID: 37769405
I tried both but in my case none of this is working.............
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37769416
I just tested. This worked:

            string firststring = "my first value";
            string secondstring = "my second value";
            testLbl.Text = firststring + "<br/>" + secondstring;
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37769447
I need some context. The "<br/>" worked for me perhaps because I assigned it to a label text. "Potentially dangerous request" could result from trying to submit a "<br/>" inside a form value. Is there validation in between?
0
 

Author Comment

by:itinfo7
ID: 37769465
there is no validation in between even I am assigning my string value to Asp hidden field..than also it is giving me error.

don' know what should I try..
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37769477
An asp:HiddenField holds a form value. Adding HTML markup to it like a "<br/>"  could throw that error when is posted back. Asp.net has built-in validation for such things. It can be turned off, but it's not recommended.

Why would you need a line break in a hidden field? Maybe there is another way, like comma separated values that you can split later on the comma.
0
 
LVL 16

Expert Comment

by:Vikram Singh Saini
ID: 37769583
1. Disable request validation for page by <%@ Page validateRequest="false" %> for single page or by :

<system.web>
      <pages validateRequest="false" />
   </system.web>

for all pages. But this is not recommended because it ensures checking of user submitted content to prevent script attack.

2. However you can use this way if you can encode all client side submitted content, so that there is no chance of script attack.

3. You should read link : Request Validation - Preventing Script Attacks which explains nicely how you can prevent potential request error by alternate way.
0
 
LVL 18

Expert Comment

by:Jerry Miller
ID: 37769603
Try using the StringBuilder class. I rarely (if ever)ever concatenate two strings.

AppendLine() adds a new line between the strings.

http://msdn.microsoft.com/en-us/library/ebk18257.aspx
0
 
LVL 9

Expert Comment

by:gery128
ID: 37769888
@itinfo7
Agreed with tommyBoy.
Why you need <br/> tag in ASP:HiddenField ? you want to separate out than you can use any other delimiter and then process those values after form submitted to server. So before inserting to database in your business logic layer you can replace your Comma or any other delimiter with ",<br/>" tag.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 7

Expert Comment

by:dhawalseth
ID: 37769899
Hi ITINFO7,

You can use string.Format to do this for you. Try this:

outString = string.Format("{0} <br/> {1}", string1, string2);

Mark it as answer if helpful.
0
 
LVL 1

Expert Comment

by:alrosmarz
ID: 37771493
if you want to use <br /> in codebehind and render it in the page... you need to use a literal... this control renders html...

var string1  = "first line";
var string2 = "second line";
litetal1.text = string1 + "<br />" + string2;

the result will be...

first line
secondline
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37771519
I think some are missing the point here. The problem is not how to get the "<br/>" into the string. The problem is that having the "<br/>" inserted into a form field is causing a Potentially dangerous request error. The two choices for a solution are 1.) Use a different delimiter like a comma or, 2.) Turn off validation on the page as detailed in ID: 37769583.
0
 

Author Comment

by:itinfo7
ID: 37771900
@tommyBoy I think so I have to use different delimiter.with "<br/>" I want to start second string with newline that's the reason I am trying with "<br/>".
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37771968
It depends what you are doing with the hidden field value. If you are retrieving it in code behind, you can use any char that will get past the validator as a delimiter (comma) then split the value into separate parts with String.Split(','). If you only need to display it client side instead, you can still use the delimiter and split on the delimiter and replace it with the "<br/>" or "\r\n" using javascript.
0
 

Author Comment

by:itinfo7
ID: 37772123
@tommyBoy I have hidden field which I am assign the value of string and than I am using this hiddenfield value in Jquery to assign to another control and than that control's value is going back to code behind to add into the database.SO it's back and fourth from client side to code behind.

So If I replace comma(,) with ("<br/>") on client side than also it is giving me error because again it's going to code behind.
0
 
LVL 38

Accepted Solution

by:
Tom Beck earned 500 total points
ID: 37772175
Right, so leave the hidden value alone with it's comma delimiter. When you need to assign it to another control retrieve the value to a new variable, replace the comma with a "<br/>" and assign. When you need jquery to post back the value, get it again from the hidden field value and post with the commas intact. Split it code behind to retrieve the individual values.
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37772281
Using a comma as a delimiter was just an example. If the strings you are adding contain commas as part of the string, your screwed unless you convert the commas to entities or remove them. Example: "this is my first string,this is my second string". This will split the way you expect on the comma into two values, but "this, is my first string,this is my second string" will split unexpectedly into three values.  You may want to use some other character that you know will never be entered as a value or can be easily tested for.

ValidateRequest only checks for these few things in asp.net 2.0:

&#
<alpha, <!, </, <?
Looks for these starting characters (‘<’, ‘&’)

So any other character could be used as a delimiter.
0
 

Author Comment

by:itinfo7
ID: 37772318
@tommyBoy...yeah that is why I am using pipe(|) .thanks for the solution
0
 
LVL 38

Expert Comment

by:Tom Beck
ID: 37772340
Smart! Thanks for the points.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now