Let's see an example: there is a German word:
What I have:
...<system.web> <globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto" />...
a resource file containing this word:
<?xml version="1.0" encoding="utf-8"?><root> ... <data name="TestWord" xml:space="preserve"> <value>Fußgängerübergänge</value> </data> ...</root>
an html page hardcoded the same word and using this resource to reference this word and also retrieving this word from DB:
...<head> <meta charset="utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> ...</head><body> <div>Fußgängerübergänge</div> <div>@Model.SameWordFromDbTable.TestWord</div> <div>@Resources.MyResource.TestWord</div> <div>@MvcHtmlString.Create(Resources.MyResource.TestWord)</div></body>...
When I check them in the source code of the webpage they appear in two different ways:
...<head> <meta charset="utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> ...</head><body> <div>Fußgängerübergänge</div> <div>Fußgängerübergänge</div> <div>Fußgängerübergänge</div> <div>Fußgängerübergänge</div></body>...
Question: what did I do wrong, how can I fix this "encoding" issue? What should I do if a want the last 2 words appear in the source code as same as the first two?
My company requires our ASP.NET code to pass a Fortify 360 scan before releasing the code. We use AntiXSS everywhere to sanitize HTML output. We also validate input. Unfortunately, they recently changed the "template" Fortify was using and now it's flagging all our AntiXSS calls as "Poor Validation". These calls are doing things like AntiXSS.HTMLEncode(sEmailAddress).
Anyone know exactly what would satisfy Fortify? A lot of what it's flagging is output where the value comes from a database and never from a user at all, so if HTMLEncode isn't safe enough, we have no idea what is!
I am using wkhtmltopdf on two of my servers. in one of the HTML pages, I have some chinese letters.
The problem is that with the same code, the same version of wkhtmltopdf, on one server everything works fine and in another one, the chinese characters are not visible on the generated pdf.
I guess that there is something to do with the server, any idea?
Accidentally I found this post about a new feature in ASP.NET 4.0: Expressions enclosed in these new brackets
<%: Content %> should be rendered as HTML encoded.
I've tried this within a databound label in a FormView like so:
<asp:Label ID="MyLabel" runat="server" Text='<%: Eval("MyTextProperty") %>' />
But it doesn't work: The text property contains script tags (for testing), but the output is blank. Using the traditional way works:
<asp:Label ID="MyLabel" runat="server" Text='<%# HttpUtility.HtmlEncode(Eval("MyTextProperty")) %>' />
What am I doing wrong?
(On a sidenote: I am too stupid to find any information: Google refuses to search for that thing. The VS2010 Online help on MSDN offers a lot of hits, but nothing related to my search. Stackoverflow search too. And I don't know how these "things" (the brackets I mean) are officially called to have a better search term.)
Any info and additional links and resources are welcome!
Thanks in advance!
I have a mysql database that records some text, with special chars encoded. example
he is called "mike"
then when i tried to decode in to display in my php page, but it does not work. sample code:
echo' <p class="secr_texto">'.htmlspecialchars_decode($reg2['text']).'</p>';
i get the encoded html only.the page is utf-8 encoded and database too.
How do i get the decoded entities?