Html attributes, single quote and HtmlAttributeEncode

September 11, 2007 at 11:33 am Leave a comment

When you develop your own custom controls do not forget that HtmlAttributeEncode method DOES NOT encode single quote.

MSDN says:

The string result from the HtmlAttributeEncode method should be used only for double-quoted attributes. Security issues might arise when using the HtmlAttributeEncode method with single-quoted attributes.

So you should use double quotes

Like this:

Be the first to like this post.

Entry filed under: .net, asp.net, tip. Tags: .

New Lightweight Dependency Injection Framework for .NET – Ninject Code Coverage with TestDriven.Net in Visual Studio 2003

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Trackback this post | Subscribe to the comments via RSS Feed

M	T	W	T	F	S	S
« Aug				Oct »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Gramotei’s Weblog