Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
|
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 29th, 2006, 03:43 PM
Authorized User
 
Join Date: Jan 2006
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default HTMLEncode and DataFormatString Exceptions

I've had this question on two other forums for over a week with no response on either, and I can't find any net-searh information on this particular topic, so there's a chance I'm completely off base here...having said that, here goes.

In a DetailsView (or FormView or Gridview), two of the "edit column" properties are HTMLEncode and DataFormatString. If
A) either of these are "on" (and it's either one or the other, best I can tell), and
B) I type in a character string that violates the rule defined by that property, (such as '<s>' for HTMLEncode and 'XX/03/2007' for a DataStringFormat of {0:d} = short date), then
C) the app returns a full blown exception screen, with a descriptin of the error, a call stack and so on.

I'm surely not the first one to notice this...my question is, what do people typically do to manage the exception?

In addition to script attacks, there are going to be typo's on entry, so there's got to be a way to manage these exceptions.

What is done to trap this type of exception and provide a more "friendly" feedback to the user?

Ideally I'd like to push back something in a "message" textbox on the page, but right now I can't find ANY information on what to do, except capture it on a general error page (which I haven't tried yet) specified by the web.config file...which doesn't seem to be particularly refined...but what do I know? :-)

Again, I may be way off base here as far as missing something basic and obvious about how this is supposed to work, but still, at the moment, I don't have a clue, so I'm stuck.

Any guidance on this would be greatly appreciated.

Thanks!
 
Old October 4th, 2006, 07:53 PM
Authorized User
 
Join Date: Jan 2006
Posts: 91
Thanks: 0
Thanked 0 Times in 0 Posts
Default

DetailsView Fields can be individually converted to Template Fields (head smack, "DOH!", etc.) to which validators can be applied...

AND

this works, as a first approximation, if template fields are not desired. The redirect just displays the message and offers a "back" button. But it seems that you have to leave the page to do it...can't figure a way to process the error on the page, but...hey...

Protected Sub Page_Error(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Error
Dim wrkErr As Exception = Server.GetLastError()
If InStr(wrkErr.Message, "A potentially dangerous") <> 0 Then
Server.ClearError()
Session("ErrMsg") = "&lt; -any- > strings not allowed, please change and retry"
Response.Redirect("~/App_Pages/zzTest/a890_errmsg.aspx")
End If
If InStr(wrkErr.Message, "valid DateTime") <> 0 Then
Server.ClearError()
Session("ErrMsg") = "Invalid DateTime Entry, please change and retry"
esponse.Redirect("~/App_Pages/zzTest/a890_errmsg.aspx")
End If
End Sub





Similar Threads
Thread Thread Starter Forum Replies Last Post
DataFormatString does not format bnorg ASP.NET 2.0 Professional 1 September 19th, 2006 12:34 PM
Type mismatch: 'htmlEncode' nlpatel78 Classic ASP Basics 1 March 3rd, 2005 06:39 AM
HtmlEncode method of Server object bekim C# 4 June 27th, 2004 01:38 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.