Server.HtmlEncode on ASPX page for TextArea size
Hi,
I have a question and I'm not sure what the best tact is for this.
I have a TextArea input on a page. This textarea has a maxsize of 500 characters.
<asp:TextBox ID="TxtOther" Width="530px" TextMode="MultiLine" Style="word-wrap: break-word;
height: 300px; overflow: auto; vertical-align: top" runat="server" AutoComplete="off" MaxLength="500" />
Now, the bad thing is on the code-behind it will take the text entered and do a Server.HtmlEncode of of.
The situation is this (for example): the user can enter like 499 characters in the textarea and that that includes a "<" sign. Obviously, the < when encoded with have the <. That puts the length of the text entered greater than 500.
How can I have the code on the client-side encode the text entered to validate that it's still less than 500 after the encoding? I am willing to just truncate whatever is over 500 characters.
What are the best approaches?
I have a question and I'm not sure what the best tact is for this.
I have a TextArea input on a page. This textarea has a maxsize of 500 characters.
<asp:TextBox ID="TxtOther" Width="530px" TextMode="MultiLine" Style="word-wrap: break-word;
height: 300px; overflow: auto; vertical-align: top" runat="server" AutoComplete="off" MaxLength="500" />
Now, the bad thing is on the code-behind it will take the text entered and do a Server.HtmlEncode of of.
The situation is this (for example): the user can enter like 499 characters in the textarea and that that includes a "<" sign. Obviously, the < when encoded with have the <. That puts the length of the text entered greater than 500.
How can I have the code on the client-side encode the text entered to validate that it's still less than 500 after the encoding? I am willing to just truncate whatever is over 500 characters.
What are the best approaches?
Randy Poole
I am assuming your storing this in a DB. In reality the best way to handle this would be to increase the size of your database field which is holding this text.
ASKER
Yes, eventually it will go into a DB. But I cannot change that.
So, what other means on the non-DB side between code-behind and aspx can this be done?
I have tried client-side htmlencoding schemes but they do not all appear to function or provide the same output as the Server.htmlencode.
So, what other means on the non-DB side between code-behind and aspx can this be done?
I have tried client-side htmlencoding schemes but they do not all appear to function or provide the same output as the Server.htmlencode.
This is not making sense. Normally the control will encode the text before sending it to the code behind then decode it so you can read it. Which means that when you get it the text should be a max of what ever you have the textarea declared as. You would then store the text in the database as decoded. What am I missing here.
ASKER
Actually it does. I have never heard of it automatically encoding.
If I use the example:
"This is a test. I will pass a sentence with multiple characters. You will see “.”’s in here and I have also done a ,. There will be a time when I need to do an < sign as well." (remove the first and last double quote.)
In the TxtOther.Text in the code-behind I have exactly what is displayed.
I have to run the Server.HtmlEncode(TxtOther
"This is a test. I will pass a sentence with multiple characters. You will see “.”’s in here and I have also done a ,. There will be a time when I need to do an < sign as well." (again, remove the first and last double quote.)
Albeit, I a surprised it didn't change the double-quote to an encoded value.
If I use the example:
"This is a test. I will pass a sentence with multiple characters. You will see “.”’s in here and I have also done a ,. There will be a time when I need to do an < sign as well." (remove the first and last double quote.)
In the TxtOther.Text in the code-behind I have exactly what is displayed.
I have to run the Server.HtmlEncode(TxtOther
"This is a test. I will pass a sentence with multiple characters. You will see “.”’s in here and I have also done a ,. There will be a time when I need to do an < sign as well." (again, remove the first and last double quote.)
Albeit, I a surprised it didn't change the double-quote to an encoded value.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Gary, I tried that some of the htmlencoding for javascript on the clientside. The bad thing is that so many I have seen actually address the encodings in different ways for special characters like double quotes and so on.
I need something on the client-side that will encode exactly as the Server.htmlencode is doing. If you know of one please share as that may help. BUT yet and client-side encoding could also be a risk.
"The correct way would be to store the data in the database un-HtmlEncoded and when displayed to the user, HtmlEncode at that time." I cannot necessarily agree with that and definitely wouldn't htmlencode as would that not be an htmldecode? But none-the-less, it's all deterministic on the reason for the information in the DB and what the audience is of it. If it's exclusively and how it was done in the paste. You cannot change if it was done where everything is encoded and stored in the DB. Then decoded when either displayed on the rendering of the page of whatever other output means.
I need something on the client-side that will encode exactly as the Server.htmlencode is doing. If you know of one please share as that may help. BUT yet and client-side encoding could also be a risk.
"The correct way would be to store the data in the database un-HtmlEncoded and when displayed to the user, HtmlEncode at that time." I cannot necessarily agree with that and definitely wouldn't htmlencode as would that not be an htmldecode? But none-the-less, it's all deterministic on the reason for the information in the DB and what the audience is of it. If it's exclusively and how it was done in the paste. You cannot change if it was done where everything is encoded and stored in the DB. Then decoded when either displayed on the rendering of the page of whatever other output means.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It's actually used quite heavily in this project. Again, I inherited it and really change it. I would not have agreed with encoding it at all and storing it. As mentioned that is a known risk. The good thing is that it's all done server-side.
What is happening is that when it's storing it is when it's being encoded and when it's rendered back to the user it's decoded.
I need to follow that same paradigm, even as much as I disagree with it and how it's done. Hence, the reason for the question. So, circling back to the original question. How can I do the Server.htmlencoding on the the client so the encoded length is the same as what it will be as the server encoded has or will have?
What is happening is that when it's storing it is when it's being encoded and when it's rendered back to the user it's decoded.
I need to follow that same paradigm, even as much as I disagree with it and how it's done. Hence, the reason for the question. So, circling back to the original question. How can I do the Server.htmlencoding on the the client so the encoded length is the same as what it will be as the server encoded has or will have?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah, is just that what I was trying to do was, with any encoding on the client side, it was not going to take any more due to the length (with the conversion) if it's over 500 - even though I was going to truncate it to 500 anyway.
ASKER
Thanks for the information. The encoding was too variable on the client-side and I resorted to using the server-side but also brought up the fact that we should not be doing the encoding to store the information the database.
Thanks!
Thanks!