Html attributes, single quote and HtmlAttributeEncode

September 11, 2007 at 11:33 am Leave a comment

When you develop your own custom controls do not forget that HtmlAttributeEncode method DOES NOT encode single quote.

MSDN says:

The string result from the HtmlAttributeEncode method should be used only for double-quoted attributes. Security issues might arise when using the HtmlAttributeEncode method with single-quoted attributes.

So you should use double quotes

Advertisements

Entry filed under: .net, asp.net, tip.

New Lightweight Dependency Injection Framework for .NET – Ninject Code Coverage with TestDriven.Net in Visual Studio 2003

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Calendar

September 2007
M T W T F S S
« Aug   Oct »
 12
3456789
10111213141516
17181920212223
24252627282930

Most Recent Posts


%d bloggers like this: