Monday, June 12, 2006
Working on what was supposed to be a quick little web page change in 2.0. Needed to create a read-only grid to show some calculation results. Built a grid with 6 bound columns. Generated the data table, bound the GridView -- there are the results. Time to pretty them up, so we show the same number of decimal places in the results. I'll just update the DataFormatString. Results are still showing their unformatted values -- Ctrl-F5 -- still showing unformatted -- restart the app -- still showing unformatted values -- WTF?

After making sure I was setting the string correctly (DataFormatString="{0:F3}" in this case), I did some googling, and found out that in order for the value to be displayed using the format supplied, the HtmlEncode property must also be set to False. Which, sure enough, is what the manual says. This is to prevent cross-site scripting, which is a good thing, but a silly implementation. Generate a security warning somewhere, but if I set the DataFormatString, ASP.NET should assume I want to FORMAT the data, not MAYBE format the data. If I wanted to MAYBE format the data, I would have written conditional logic in the DataBound handler.
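An added example, not code from the original post or from ASP.NET itself: a small C# console model of why the format string appears to be ignored while HtmlEncode is on, and of the ordering that keeps both formatting and encoding. The class and method names are hypothetical, the sample values are constructed, and System.Net.WebUtility stands in for the encoder so the program runs outside a web application.

```csharp
using System;
using System.Globalization;
using System.Net;

static class BoundFieldFormatDemo
{
    // Hypothetical model of the ASP.NET 2.0 BoundField ordering: the value is
    // HTML-encoded first, which turns it into a string, and the format string
    // is then applied to that string. A string is not IFormattable, so a
    // numeric specifier such as F3 has nothing to act on.
    static string EncodeThenFormat(object value, string format)
    {
        string text = Convert.ToString(value, CultureInfo.InvariantCulture);
        string encoded = WebUtility.HtmlEncode(text);
        return string.Format(CultureInfo.InvariantCulture, format, encoded);
    }

    // Safer ordering: format the typed value, then encode the resulting text.
    // The number is rounded as requested and any markup in a string value is
    // still neutralised before it reaches the page.
    static string FormatThenEncode(object value, string format)
    {
        string formatted = string.Format(CultureInfo.InvariantCulture, format, value);
        return WebUtility.HtmlEncode(formatted);
    }

    static void Main()
    {
        const string format = "{0:F3}";

        // Constructed sample values: two numeric results and one string
        // column that happens to contain markup.
        object[] samples = { 3.14159265, 2.5m, "<b>1.5</b>" };

        foreach (object sample in samples)
        {
            Console.WriteLine("value            : {0}", sample);
            Console.WriteLine("encode-then-format: {0}", EncodeThenFormat(sample, format));
            Console.WriteLine("format-then-encode: {0}", FormatThenEncode(sample, format));
            Console.WriteLine();
        }
    }
}
```

Setting HtmlEncode to False on a column removes the encoding step for everything bound to that column, so it is only appropriate where the column's data is typed numeric or date data rather than free text. Later .NET Framework releases added the BoundField.HtmlEncodeFormatString property, which applies the format string before encoding.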

Monday, June 12, 2006 1:11:44 PM (Eastern Standard Time, UTC-05:00)
