HTML Encoding

Web browsers can interpret data that contains reserved characters as HTML markup and execute it as code. Encode data to prevent this behavior and protect a website from cross-site scripting (XSS) attacks.

DevExpress ASP.NET MVC extensions implement an EncodeHtml property that allows you to encode the extension’s value and element content. When the property is set to true, the extension converts angle brackets (< and > characters) to character entity references (&lt; and &gt;) and displays HTML code as text.

The EncodeHtml property ignores values and element content specified on the client.

This topic consists of sections that describe how HTML encoding is implemented in a particular DevExpress ASP.NET MVC extension.

BinaryImage

The BinaryImageEditSettings.EncodeHtml property encodes the following BinaryImageEditExtension property values:

Button

The ButtonSettings.EncodeHtml property encodes a ButtonExtension’s ButtonSettings.Text property value.

ButtonEdit

The ButtonEditSettings.EncodeHtml property encodes the following ButtonEditExtension property values:

The extension always encodes its ButtonEditSettings.Text and ButtonEditSettings.Properties.NullText property values.

Calendar

The CalendarSettings.EncodeHtml property encodes the following CalendarExtension property values:

Captcha

The CaptchaSettings.EncodeHtml property encodes the following CaptchaExtension property values:

The extension always encodes its CaptchaSettings.TextBox.NullText property value.

CardView

A column’s PropertiesEdit.EncodeHtml property encodes column cell values in a CardViewExtension.

The CardViewSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts. Set the CardViewSettings.SettingsCommandButton.EncodeHtml property to true to encode a command button’s text.

CheckBox

The CheckBoxSettings.EncodeHtml property encodes a CheckBoxExtension’s CheckBoxSettings.Text property value.

CheckBoxList

The CheckBoxListSettings.EncodeHtml property encodes the following CheckBoxListExtension property values:

ColorEdit

The ColorEditSettings.EncodeHtml property encodes the following ColorEditExtension property values:

Values of the following properties are always encoded:

ComboBox

The ComboBoxSettings.EncodeHtml property encodes the following ComboBoxExtension property values:

The extension always encodes its ComboBoxSettings.Properties.NullText property value.

The ComboBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

DateEdit

The DateEditSettings.EncodeHtml property encodes the following DateEditExtension property values:

The extension always encodes its DateEditSettings.Properties.NullText property value.

DataView

The DataViewSettings.EncodeHtml property encodes the pager’s button captions of a DataViewExtension.

The DataViewSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

The extension does not encode the DataViewSettings.PagerSettings.ShowMoreItemsText and DataViewSettings.EmptyDataText property values and renders these values as HTML markup.
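
The two DataView cases above (item template content and the property values that are never encoded) call for manual encoding. The same applies to the item templates of ComboBox, ListBox and TokenBox. The Razor view below is an added example, not DevExpress's own code. The `MyApp.Models.Comment` model, its `Author` and `Body` fields, the `ViewData["EmptyMessage"]` key and the route values are assumptions.

```razor
@* Added example, not taken from the DevExpress documentation.
   Assumed: a hypothetical model class Comment { string Author; string Body; }
   whose values originate from untrusted user input. *@
@using System.Web
@using System.Web.UI
@model IEnumerable<MyApp.Models.Comment>

@Html.DevExpress().DataView(settings => {
    settings.Name = "commentsView";
    // Hypothetical controller/action names.
    settings.CallbackRouteValues = new { Controller = "Comments", Action = "CommentsPartial" };

    // Covers the pager's button captions only.
    settings.EncodeHtml = true;

    // EmptyDataText is rendered as HTML markup regardless of EncodeHtml,
    // so encode it before assignment when it can carry user-influenced text.
    settings.EmptyDataText = HttpUtility.HtmlEncode(ViewData["EmptyMessage"] as string);

    // Item template content is outside EncodeHtml's scope:
    // encode every data-bound value and keep only the static markup raw.
    settings.SetItemTemplateContent(c => {
        var author = HttpUtility.HtmlEncode(
            Convert.ToString(DataBinder.Eval(c.DataItem, "Author")));
        var body = HttpUtility.HtmlEncode(
            Convert.ToString(DataBinder.Eval(c.DataItem, "Body")));
        ViewContext.Writer.Write(
            "<div class=\"comment\"><b>" + author + "</b><p>" + body + "</p></div>");
    });
}).Bind(Model).GetHtml()
```

With this view, a `Body` value such as `<img src=x onerror=alert(1)>` is written to the page as text instead of being parsed as an element.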

Diagram

The DiagramSettings.EncodeHtml property encodes Title of individual custom shapes in a DiagramExtension.

The extension always encodes the following property values:

DropDownEdit

The DropDownEditSettings.EncodeHtml property encodes the following DropDownEditExtension property values:

The extension always encodes its DropDownEditSettings.Text and DropDownEditSettings.Properties.NullText property values.

FilterControl

A column’s PropertiesEdit.EncodeHtml property encodes column cell values in a FilterControlExtension.

FormLayout

The FormLayoutSettings.EncodeHtml property encodes Caption of individual items in a FormLayoutExtension.

Gantt

A GanttExtension always encodes the following property values:

The extension does not encode the Caption and ToolTip property values of individual columns in the Task List and renders these values as HTML markup.

GridView

Set a column’s PropertiesEdit.EncodeHtml property to true to encode column cell values in a GridViewExtension.

The GridViewSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts.

Hint

The HintSettings.EncodeHtml property encodes the following HintExtension property values:

The HintSettings.EncodeHtml property is not in effect for hint content specified on the client side.

HtmlEditor

The HtmlEditorSettings.EncodeHtml property encodes the following HtmlEditorExtension property values:

The extension does not encode Text and Value property values of individual toolbar custom items and renders these values as HTML markup.

HyperLink

The HyperLinkSettings.EncodeHtml property encodes a HyperLinkExtension’s HyperLinkSettings.Properties.Text property value.

ImageGallery

The ImageGallerySettings.EncodeHtml property encodes the following ImageGalleryExtension property values:

The extension does not encode the following property values and renders these values as HTML markup:

ImageSlider

The ImageSliderSettings.EncodeHtml property encodes Text of individual items in an ImageSliderExtension.

Label

The LabelSettings.EncodeHtml property encodes a LabelExtension’s LabelSettings.Text property value.

ListBox

The ListBoxSettings.EncodeHtml property encodes the following ListBoxExtension property values:

The ListBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

Memo

The MemoSettings.EncodeHtml property encodes the following MemoExtension property values:

The extension always encodes its MemoSettings.Text and MemoSettings.Properties.NullText property values.

Menu

The MenuSettings.EncodeHtml property encodes Text of individual items in a MenuExtension.

NavBar

The NavBarSettings.EncodeHtml property encodes the following NavBarExtension property values:

PageControl

The PageControlSettings.EncodeHtml property encodes Text of individual tab pages in a PageControlExtension.

PopupControl

The PopupControlSettings.EncodeHtml property encodes the following PopupControlExtension property values:

PopupMenu

The PopupMenuSettings.EncodeHtml property encodes the Text of individual items in a PopupMenuExtension.

RadioButton

The RadioButtonSettings.EncodeHtml property encodes a RadioButtonExtension’s RadioButtonSettings.Text property value.

RadioButtonList

The RadioButtonListSettings.EncodeHtml property encodes the following RadioButtonListExtension property values:

Ribbon

The RibbonSettings.EncodeHtml property encodes the following RibbonExtension property values:

RichEdit

The RichEditSettings.EncodeHtml property encodes ribbon and popup control elements of a RichEditExtension. The extension always encodes its content.

RoundPanel

A RoundPanelExtension’s RoundPanelSettings.EncodeHtml property is not in effect when the RoundPanelSettings.View property value is set to Standard. If the RoundPanelSettings.View property value is set to GroupBox, the RoundPanelSettings.EncodeHtml property encodes the RoundPanelSettings.HeaderText property value.

SpinEdit

The SpinEditSettings.EncodeHtml property encodes the following SpinEditExtension property values:

The extension always encodes its SpinEditSettings.Properties.NullText property value.

Spreadsheet

The SpreadsheetSettings.EncodeHtml property encodes the ribbon and popup control elements of a SpreadsheetExtension. The extension always encodes its content.

TabControl

The TabControlSettings.EncodeHtml property encodes Text of individual tabs in a TabControlExtension.

TextBox

The TextBoxSettings.EncodeHtml property encodes the following TextBoxExtension property values:

The extension always encodes its TextBoxSettings.Text and TextBoxSettings.Properties.NullText property values.

TimeEdit

The TimeEditSettings.EncodeHtml property encodes the following TimeEditExtension property values:

The extension always encodes its TimeEditSettings.Properties.NullText property value.

TokenBox

The TokenBoxSettings.EncodeHtml property encodes the following TokenBoxExtension property values:

The extension always encodes its TokenBoxSettings.Properties.NullText property value.

The TokenBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

TrackBar

The TrackBarSettings.EncodeHtml property encodes the following TrackBarExtension property values:

The extension always encodes its TrackBarSettings.ToolTip property value.

TreeList

Set a column’s PropertiesEdit.EncodeHtml property to true to encode column cell values in a TreeListExtension.

The TreeListSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts.

TreeView

The TreeViewSettings.EncodeHtml property encodes Text of individual nodes in a TreeViewExtension.

ValidationSummary

The ValidationSummarySettings.EncodeHtml property encodes a ValidationSummaryExtension’s ValidationSummarySettings.HeaderText property value.

The extension summarizes validation errors from multiple editors and displays them in a single block. Set an editor’s EncodeHtml property to true to encode the editor’s error text in the ValidationSummaryExtension.

VerticalGrid

Set a row’s PropertiesEdit.EncodeHtml property to true to encode the row’s cell values in a VerticalGridExtension.

The VerticalGridSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts.