I have to submit an HTML form to a 3rd party website and one of the hidden fields is an XML string. The XML needs escaping before it is sent to the 3rd party.

However, when I add the plain XML to the form field it semi-escapes it for me. So then when I use HTMLEncode myself, part of the XML is double-escaped. How do I prevent the automatic escaping that appears to be coming from .NET?

Or even better, how else can I send the escaped XML via the hidden field?

XML

<systemCode>APP</systemCode>

Basic assigning to hidden input field

&lt;systemCode>APP&lt;/systemCode>

When I HTML Encode it as well

&amp;lt;systemCode&amp;gt;APP&amp;lt;/systemCode&amp;gt;

I can see what's happening - but I don't know how to prevent it?

Thanks

+2  A: 

Don't use HTMLEncode as well ! Use it alone !

Something like:

'Setting value:
hdnField.Value = Server.HtmlEncode("<systemCode>APP</systemCode>")
'Outputs: &amp;lt;systemCode&amp;gt;APP&amp;lt;/systemCode&amp;gt;

'Retrieving encoded value:
Dim escaped as string = Request.Form("hdnField")
'Retrieves: &lt;systemCode&gt;APP&lt;/systemCode&gt;

'Retrieving decoded value:
Dim myValue As String = Server.HtmlDecode(Request.Form("hdnField"))
'Retrieves: "<systemCode>APP</systemCode>"
Cerebrus
Say it one more time .... but this time with feeling ! ;)
Chad Grant
I will if you will vote one more time... this time with feeling ! :P
Cerebrus
Hi, I'm not using HTMLEncode as well as anything else - I AM using it alone but as I said there is something else going on automatically that is encoding the < of the XML from just this: portalReq.Value = myXML - it's the automatic stuff I want to stop!
David A Gibson
You cannot stop the "automatic stuff". ASP.NET will make sure that your rendered markup is valid XHTML. The only option is to assign the field's value to an HTMLEncoded string as I have shown above.
Cerebrus
I don't have control over the decoding; I am sending this to a 3rd party. They are complaining that it is double encoded - so your option doesn't work for this specific case, although I understand what you mean.
David A Gibson
A: 

In the end I used a Literal, HTML-encoding the XML string before assigning an HTML form variable to the literal's text field. A little bit like below:

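' Attribute is double-quoted: Server.HtmlEncode always escapes the double quote, while older framework versions leave the single quote unescaped
portalReq.Text = "<input type=""hidden"" name=""portalReq"" value=""" & Server.HtmlEncode(RequestXML) & """ />"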

Not elegant but it's circumventing the problem.

David A Gibson
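
The encoding layers discussed in this thread, as an added console example that is not code from any of the posters: it compares the attribute text written into the page with what the receiving site gets after the browser parses the `value` attribute. Assumptions: the control's render-time encoding is modelled with `WebUtility.HtmlEncode`, the browser's attribute parsing with one `WebUtility.HtmlDecode` pass, and the helper names `BrowserSubmits` and `EncodingDepth` are hypothetical.

```vb
Imports System
Imports System.Net

Module HiddenFieldEncodingDemo
    ' Assumption: the browser's parsing of value="..." is modelled as one
    ' HtmlDecode pass, i.e. it removes exactly one layer of entity encoding.
    Function BrowserSubmits(attributeText As String) As String
        Return WebUtility.HtmlDecode(attributeText)
    End Function

    ' Counts how many HtmlDecode passes are needed before the text stops changing:
    ' 0 = raw, 1 = encoded once, 2 = double-encoded.
    ' Assumes the payload itself carries no entity references of its own
    ' (an XML document containing &amp; would be counted one level too deep).
    Function EncodingDepth(text As String) As Integer
        Dim depth As Integer = 0
        Dim current As String = text
        Do
            Dim decoded As String = WebUtility.HtmlDecode(current)
            If decoded = current Then Return depth
            current = decoded
            depth += 1
        Loop
    End Function

    Sub Main()
        ' Sample XML taken from the question.
        Dim xml As String = "<systemCode>APP</systemCode>"

        ' Case 1: raw XML assigned to the control, which encodes once on render.
        Dim renderedOnce As String = WebUtility.HtmlEncode(xml)
        ' Case 2: HtmlEncode called in code, then the control encodes again on render.
        Dim renderedTwice As String = WebUtility.HtmlEncode(WebUtility.HtmlEncode(xml))

        For Each rendered As String In New String() {renderedOnce, renderedTwice}
            Dim received As String = BrowserSubmits(rendered)
            Console.WriteLine("attribute text in page : " & rendered)
            Console.WriteLine("value the recipient gets: " & received)
            Console.WriteLine("encoding depth received : " & EncodingDepth(received))
            Console.WriteLine()
        Next
    End Sub
End Module
```

Checking `EncodingDepth` on the value about to be posted shows whether the recipient will see raw, once-encoded or double-encoded XML before the form ever leaves the server.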