HTML Encoding

• Jan 25, 2022
• 7 minutes to read

Web browsers can interpret data that contains reserved characters as HTML markup and execute this data as a code. You should encode data to prevent this behavior and protect a website from cross-site scripting (XSS) attacks.

DevExpress ASP.NET MVC extensions implement an EncodeHtml property that allows you to encode the extension’s value and element content. When the property is set to true, the extension converts angle brackets (< and > characters) to character entity references (< and >) and displays HTML code as text.

The EncodeHtml property ignores values and element content specified on the client.

This topic consists of sections that describe how HTML encoding is implemented in a particular DevExpress ASP.NET MVC extension.

BinaryImage

The BinaryImageEditSettings.EncodeHtml property encodes the following BinaryImageEditExtension property values:

• BinaryImageEditSettings.Properties.Caption
• BinaryImageEditSettings.Properties.CaptionSettings.OptionalMark
• BinaryImageEditSettings.Properties.CaptionSettings.RequiredMark

Button

The ButtonSettings.EncodeHtml property encodes a ButtonExtension‘s ButtonSettings.Text property value.

ButtonEdit

The ButtonEditSettings.EncodeHtml property encodes the following ButtonEditExtension property values:

• Text of individual buttons
• ButtonEditSettings.Properties.Caption
• ButtonEditSettings.Properties.HelpText
• ButtonEditSettings.Properties.CaptionSettings.OptionalMark
• ButtonEditSettings.Properties.CaptionSettings.RequiredMark

The extention always encodes its ButtonEditSettings.Text and ButtonEditSettings.Properties.NullText property values.

Calendar

The CalendarSettings.EncodeHtml property encodes the following CalendarExtension property values:

• CalendarSettings.Properties.ClearButtonText
• CalendarSettings.Properties.TodayButtonText
• CalendarSettings.Properties.FastNavProperties.CancelButtonText
• CalendarSettings.Properties.FastNavProperties.OkButtonText

Captcha

The CaptchaSettings.EncodeHtml property encodes the following CaptchaExtension property values:

• CaptchaSettings.RefreshButton.Text
• CaptchaSettings.TextBox.LabelText
• CaptchaSettings.ValidationSettings.ErrorText
• CaptchaSettings.ValidationSettings.RequiredField.ErrorText

The extension always encodes its CaptchaSettings.TextBox.NullText property value.

CardView

A column‘s PropertiesEdit.EncodeHtml property encodes column cell values in a CardViewExtension.

The CardViewSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts. Set the CardViewSettings.SettingsCommandButton.EncodeHtml property to true to encode a command button‘s text.

CheckBox

The CheckBoxSettings.EncodeHtml property encodes a CheckBoxExtension‘s CheckBoxSettings.Text property value.

CheckBoxList

The CheckBoxListSettings.EncodeHtml property encodes the following CheckBoxListExtension property values:

• Text of individual items
• Value of individual items

ColorEdit

The ColorEditSettings.EncodeHtml property encodes the following ColorEditExtension property values:

• Text of individual buttons
• ColorEditSettings.Properties.Caption
• ColorEditSettings.Properties.HelpText
• ColorEditSettings.Properties.CaptionSettings.OptionalMark
• ColorEditSettings.Properties.CaptionSettings.RequiredMark
• ColorEditSettings.Properties.ClearButton.Text
• ColorEditSettings.Properties.DropDownButton.Text

Values of the following properties are always encoded:

• ColorEditSettings.Properties.CancelButtonText
• ColorEditSettings.Properties.NullText
• ColorEditSettings.Properties.OkButtonText

ComboBox

The ComboBoxSettings.EncodeHtml property encodes the following ComboBoxExtension property values:

• Text of individual buttons
• Text of individual items
• ComboBoxSettings.ClearButton.Text
• ComboBoxSettings.DropDownButton.Text
• ComboBoxSettings.Properties.Caption
• ComboBoxSettings.Properties.HelpText
• ComboBoxSettings.Properties.CaptionSettings.OptionalMark
• ComboBoxSettings.Properties.CaptionSettings.RequiredMark

The extension always encodes its ComboBoxSettings.Properties.NullText property value.

The ComboBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

DateEdit

The DateEditSettings.EncodeHtml property encodes the following DateEditExtension property values:

• Text of individual buttons
• DateEditSettings.Properties.Caption
• DateEditSettings.Properties.HelpText
• DateEditSettings.Properties.ClearButton.Text
• DateEditSettings.Properties.DropDownButton.Text
• DateEditSettings.Properties.CalendarProperties.ClearButtonText
• DateEditSettings.Properties.CalendarProperties.TodayButtonText
• DateEditSettings.Properties.CaptionSettings.OptionalMark
• DateEditSettings.Properties.CaptionSettings.RequiredMark
• DateEditSettings.Properties.TimeSectionProperties.CancelButtonText
• DateEditSettings.Properties.TimeSectionProperties.OkButtonText
• DateEditSettings.Properties.CalendarProperties.FastNavProperties.CancelButtonText
• DateEditSettings.Properties.CalendarProperties.FastNavProperties.OkButtonText

The extension always encodes its DateEditSettings.Properties.NullText property value.

DataView

The DataViewSettings.EncodeHtml property encodes the pager‘s button captions of a DataViewExtension.

The DataViewSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

The extension does not encode the DataViewSettings.PagerSettings.ShowMoreItemsText and DataViewSettings.EmptyDataText property values and renders these values as HTML markup.

Diagram

The DiagramSettings.EncodeHtml property encodes Title of individual custom shapes in a DiagramExtension.

The extension always encodes the following property values:

• DefaultText of individual custom shapes
• Title of individual toolbox groups
• The shape’s content (except for templates that are specified on the client)

DropDownEdit

The DropDownEditSettings.EncodeHtml property encodes the following DropDownEditExtension property values:

• Text of individual buttons
• DropDownEditSettings.Properties.Caption
• DropDownEditSettings.Properties.HelpText
• DropDownEditSettings.Properties.CaptionSettings.OptionalMark
• DropDownEditSettings.Properties.CaptionSettings.RequiredMark
• DropDownEditSettings.Properties.ClearButton.Text
• DropDownEditSettings.Properties.DropDownButton.Text

The extension always encodes its DropDownEditSettings.Text and DropDownEditSettings.Properties.NullText property values.

FilterControl

A column‘s PropertiesEdit.EncodeHtml property encodes column cell values in a FilterControlExtension.

FormLayout

The FormLayoutSettings.EncodeHtml property encodes Caption of individual items in a FormLayoutExtension.

Gantt

A GanttExtension always encodes the following property values:

• Resources
• Hints of the tasks
• Titles of the tasks
• Text of individual toolbar items

The extension does not encode the Caption and ToolTip property values of individual columns in the Task List and renders these values as HTML markup.

GridView

Set a column‘s PropertiesEdit.EncodeHtml property to true to encode column cell values in a GridViewExtension.

The GridViewSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts.

Hint

The HintSettings.EncodeHtml property encodes the following HintExtension property values:

• HintSettings.Content
• HintSettings.Title

The HintSettings.EncodeHtml property is not in effect for hint content specified on the client side.

HtmlEditor

The HtmlEditorSettings.EncodeHtml property encodes the following HtmlEditorExtension property values:

• Text of individual context menu items
• HtmlEditorSettings.SettingsValidation.ErrorText
• HtmlEditorSettings.SettingsValidation.RequiredField.ErrorText

The extension does not encode Text and Value property values of individual toolbar custom items and renders these values as HTML markup.

HyperLink

The HyperLinkSettings.EncodeHtml property encodes a HyperLinkExtension‘s HyperLinkSettings.Properties.Text property value.

ImageGallery

The ImageGallerySettings.EncodeHtml property encodes the following ImageGalleryExtension property values:

• FullscreenViewerText of individual items
• Text of individual items

The extension does not encode the following property values and renders these values as HTML markup:

• ImageGallerySettings.EmptyDataText
• ImageGallerySettings.PagerSettings.ShowMoreItemsText

ImageSlider

The ImageSliderSettings.EncodeHtml property encodes Text of individual items in an ImageSliderExtension.

Label

The LabelSettings.EncodeHtml property encodes a LabelExtension‘s LabelSettings.Text property value.

ListBox

The ListBoxSettings.EncodeHtml property encodes the following ListBoxExtension property values:

• Text of individual items
• Value of individual items
• ListBoxSettings.Properties.Caption
• ListBoxSettings.Properties.CaptionSettings.OptionalMark
• ListBoxSettings.Properties.CaptionSettings.RequiredMark

The ListBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

Memo

The MemoSettings.EncodeHtml property encodes the following MemoExtension property values:

• MemoSettings.Caption
• MemoSettings.HelpText
• MemoSettings.Properties.CaptionSettings.OptionalMark
• MemoSettings.Properties.CaptionSettings.RequiredMark

The extension always encodes its MemoSettings.Text and MemoSettings.Properties.NullText property values.

Menu

The MenuSettings.EncodeHtml property encodes Text of individual items in a MenuExtension.

NavBar

The NavBarSettings.EncodeHtml property encodes the following NavBarExtension property values:

• Text of individual groups
• Text of individual group items

PageControl

The PageControlSettings.EncodeHtml property encodes Text of individual tab pages in a PageControlExtension.

PopupControl

The PopupControlSettings.EncodeHtml property encodes the following PopupControlExtension property values:

• PopupControlSettings.FooterText
• PopupControlSettings.HeaderText
• PopupControlSettings.Text

PopupMenu

The PopupMenuSettings.EncodeHtml property encodes the Text of individual items in a PopupMenuExtension.

RadioButton

The RadioButtonSettings.EncodeHtml property encodes a RadioButtonExtension‘s RadioButtonSettings.Text property value.

RadioButtonList

The RadioButtonListSettings.EncodeHtml property encodes the following RadioButtonListExtension property values:

• Text of individual items
• Value of individual items
• RadioButtonListSettings.Properties.Caption
• RadioButtonListSettings.Properties.CaptionSettings.OptionalMark
• RadioButtonListSettings.Properties.CaptionSettings.RequiredMark

Ribbon

The RibbonSettings.EncodeHtml property encodes the following RibbonExtension property values:

• Text of individual tabs
• Text of individual tab groups
• Text of individual group items

RichEdit

The RichEditSettings.EncodeHtml property encodes ribbon and popup control elements of a RichEditExtension. The extension always encodes its content.

RoundPanel

A RoundPanelExtension‘s RoundPanelSettings.EncodeHtml property is not in effect, when the RoundPanelSettings.View property value is set to Standard. If the RoundPanelSettings.View property value is set to GroupBox, the RoundPanelSettings.EncodeHtml property encodes the RoundPanelSettings.HeaderText property value.

SpinEdit

The SpinEditSettings.EncodeHtml property encodes the following SpinEditExtension property values:

• Text of individual buttons
• SpinEditSettings.Properties.Caption
• SpinEditSettings.Properties.HelpText
• SpinEditSettings.Properties.CaptionSettings.OptionalMark
• SpinEditSettings.Properties.CaptionSettings.RequiredMark
• SpinEditSettings.Properties.ClearButton.Text

The extension always encodes its SpinEditSettings.Properties.NullText property value.

Spreadsheet

The SpreadsheetSettings.EncodeHtml property encodes the ribbon and popup control elements of a SpreadsheetExtension. The extension always encodes its content.

TabControl

The TabControlSettings.EncodeHtml property encodes Text of individual tabs in a TabControlExtension.

TextBox

The TextBoxSettings.EncodeHtml property encodes the following TextBoxExtension property values:

• TextBoxSettings.Properties.Caption
• TextBoxSettings.Properties.HelpText
• TextBoxSettings.Properties.CaptionSettings.OptionalMark
• TextBoxSettings.Properties.CaptionSettings.RequiredMark

The extension always encodes its TextBoxSettings.Text and TextBoxSettings.Properties.NullText property values.

TimeEdit

The TimeEditSettings.EncodeHtml property encodes the following TimeEditExtension property values:

• Text of individual buttons
• TimeEditSettings.Properties.Caption
• TimeEditSettings.Properties.HelpText
• TimeEditSettings.Properties.CaptionSettings.OptionalMark
• TimeEditSettings.Properties.CaptionSettings.RequiredMark
• TimeEditSettings.Properties.ClearButton.Text

The extension always encodes its TimeEditSettings.Properties.NullText property value.

TokenBox

The TokenBoxSettings.EncodeHtml property encodes the following TokenBoxExtension property values:

• Text of individual items
• Value of individual items
• TokenBoxSettings.Properties.Caption
• TokenBoxSettings.Properties.HelpText
• TokenBoxSettings.Properties.Tokens
• TokenBoxSettings.Properties.CaptionSettings.OptionalMark
• TokenBoxSettings.Properties.CaptionSettings.RequiredMark

The extension always encodes its TokenBoxSettings.Properties.NullText property value.

The TokenBoxSettings.EncodeHtml property is not in effect for item template content. Call the HttpUtility.HtmlEncode method to encode it.

TrackBar

The TrackBarSettings.EncodeHtml property encodes the following TrackBarExtension property values:

• Tooltip of individual items
• Text of individual items
• TrackBarSettings.Properties.Caption
• TrackBarSettings.Properties.CaptionSettings.OptionalMark
• TrackBarSettings.Properties.CaptionSettings.RequiredMark

The extension always encodes its TrackBarSettings.ToolTip property value.

TreeList

Set a column‘s PropertiesEdit.EncodeHtml property to true to encode column cell values in a TreeListExtension.

The TreeListSettings.SettingsBehavior.EncodeErrorHtml property encodes the extension’s error texts.

TreeView

The TreeViewSettings.EncodeHtml property encodes Text of individual nodes in a TreeViewExtension.

ValidationSummary

The ValidationSummarySettings.EncodeHtml property encodes a ValidationSummaryExtension‘s ValidationSummarySettings.HeaderText property value.

The extension summarizes validation errors from multiple editors and displays them in a single block. Set an editor’s EncodeHtml property to true to encode the editor’s error text in the ValidationSummaryExtension.

VerticalGrid

Set a row‘s PropertiesEdit.EncodeHtml property to true to encode the row’s cell values in a VerticalGridExtension.

The VerticalGridSettings.SettingsBehavior.EncodeErrorHtml property encodes the extencion’s error texts.