HTMLEncode and DataFormatString Exceptions
I've had this question on two other forums for over a week with no response on either, and I can't find any net-searh information on this particular topic, so there's a chance I'm completely off base here...having said that, here goes.
In a DetailsView (or FormView or Gridview), two of the "edit column" properties are HTMLEncode and DataFormatString. If
A) either of these are "on" (and it's either one or the other, best I can tell), and
B) I type in a character string that violates the rule defined by that property, (such as '<s>' for HTMLEncode and 'XX/03/2007' for a DataStringFormat of {0:d} = short date), then
C) the app returns a full blown exception screen, with a descriptin of the error, a call stack and so on.
I'm surely not the first one to notice this...my question is, what do people typically do to manage the exception?
In addition to script attacks, there are going to be typo's on entry, so there's got to be a way to manage these exceptions.
What is done to trap this type of exception and provide a more "friendly" feedback to the user?
Ideally I'd like to push back something in a "message" textbox on the page, but right now I can't find ANY information on what to do, except capture it on a general error page (which I haven't tried yet) specified by the web.config file...which doesn't seem to be particularly refined...but what do I know? :-)
Again, I may be way off base here as far as missing something basic and obvious about how this is supposed to work, but still, at the moment, I don't have a clue, so I'm stuck.
Any guidance on this would be greatly appreciated.
Thanks!
|
