}
}
+ public virtual bool HtmlEncodeFormatString {
+ get { return ViewState.GetBool ("HtmlEncodeFormatString", true); }
+ set {
+ ViewState ["HtmlEncodeFormatString"] = value;
+ OnFieldChanged ();
+ }
+ }
+
public override void ExtractValuesFromCell (IOrderedDictionary dictionary,
DataControlFieldCell cell, DataControlRowState rowState, bool includeReadOnly)
{
protected virtual string FormatDataValue (object value, bool encode)
{
string res;
- string stringValue = (value != null) ? value.ToString () : string.Empty;
+ bool htmlEncodeFormatString = HtmlEncodeFormatString;
+ string stringValue = (value != null) ? value.ToString () : String.Empty;
if (value == null || (stringValue.Length == 0 && ConvertEmptyStringToNull)) {
if (NullDisplayText.Length == 0) {
encode = false;
res = " ";
} else
res = NullDisplayText;
- } else if (DataFormatString.Length > 0)
- res = string.Format (DataFormatString, value);
+ } else {
+ string format = DataFormatString;
+ if (!String.IsNullOrEmpty (format)) {
+ if (!encode || htmlEncodeFormatString)
+ res = String.Format (format, value);
+ else
+ res = String.Format (format, encode ? HttpUtility.HtmlEncode (stringValue) : stringValue);
+ } else
+ res = stringValue;
+ }
+
+ if (encode && htmlEncodeFormatString)
+ return HttpUtility.HtmlEncode (res);
else
- res = stringValue;
-
- if (encode) return HttpUtility.HtmlEncode (res);
- else return res;
+ return res;
}
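Review bot: When `encode` is true and `HtmlEncodeFormatString` is false, a value with an empty `DataFormatString` is now returned unencoded: the `else res = stringValue;` branch assigns the raw string and the final `if (encode && htmlEncodeFormatString)` is false, so `res` goes out as-is. The removed code encoded in that case (`if (encode) return HttpUtility.HtmlEncode (res);`), so turning off format-string encoding also turns off value encoding, which is an HTML-injection risk for any field bound to untrusted data. Encode the value in that branch, for example `res = (encode && !htmlEncodeFormatString) ? HttpUtility.HtmlEncode (stringValue) : stringValue;`. The same flag combination also stops encoding a non-empty `NullDisplayText`, which the old code encoded; if that is deliberate for compatibility, it deserves a comment. In the formatted branch the inner `encode ? … : …` is always true at that point and can be reduced to `HttpUtility.HtmlEncode (stringValue)`.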
protected virtual object GetValue (Control controlContainer)
return DataBinder.GetPropertyValue (dataItem, DataField);
}
+ protected override void LoadViewState (object state)
+ {
+ // Why override?
+ base.LoadViewState (state);
+ }
+
protected virtual void OnDataBindField (object sender, EventArgs e)
{
Control cell = (Control) sender;
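Review bot: The new `LoadViewState` override only forwards to `base.LoadViewState (state)`, and its comment `// Why override?` records an open question rather than a reason. If the override exists only so the class exposes the same member as the .NET type (an assumption; nothing in the hunk shows it), the comment should say so, for example `// Overridden only for API parity with .NET; no additional state is restored here.`; otherwise the override can be dropped. `OnDataBindField` below it continues outside the hunk.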
namespace MonoTests.System.Web.UI.WebControls
{
+ class EncodingTest
+ {
+ public override string ToString ()
+ {
+ return "<EncodingTest>&";
+ }
+ }
+
class PokerBoundField : BoundField
{
public Button bindbutoon;
public Control GetControl {
get { return base.Control; }
}
+
+ public object DoSaveViewState ()
+ {
+ return SaveViewState ();
+ }
}
bf.DataFormatString = "-{0,8:G}-";
result = bf.DoFormatDataValue (10, false);
Assert.AreEqual ("- 10-", result, "FormatDataValueWithFormat");
+
+ bf.DataFormatString = "-{0:X}-";
+ result = bf.DoFormatDataValue (10, true);
+ Assert.AreEqual ("-A-", result, "FormatDataValueWithFormatAndHtmlEncode");
+
+ bf.DataFormatString = "-{0:X}-";
+ result = bf.DoFormatDataValue (10, false);
+ Assert.AreEqual ("-A-", result, "FormatDataValueWithFormatAndNoHtmlEncode");
+
+ bf.HtmlEncodeFormatString = false;
+ bf.DataFormatString = "-{0:X}-";
+ result = bf.DoFormatDataValue (10, true);
+ Assert.AreEqual ("-10-", result, "NoHtmlEncodeFormatString_HtmlEncode");
+
+ bf.DataFormatString = "-{0:X}-";
+ result = bf.DoFormatDataValue (10, false);
+ Assert.AreEqual ("-A-", result, "NoHtmlEncodeFormatString_NoHtmlEncode");
+ }
+
+ [Test]
+ public void HtmlEncodeFormatString ()
+ {
+ string formatString = "<script>alert ('{0}');</script>";
+ var bf = new PokerBoundField ();
+
+ Assert.IsTrue (bf.HtmlEncodeFormatString, "#A1-2");
+ Assert.IsTrue (bf.HtmlEncode, "#A1-2");
+ Assert.IsTrue (bf.DoSupportsHtmlEncode, "#A1-3");
+
+ bf.DataFormatString = formatString;
+#if NET_4_0
+ Assert.AreEqual ("<script>alert ('<test>');</script>", bf.DoFormatDataValue ("<test>", true), "#A2");
+#else
+ Assert.AreEqual ("<script>alert ('<test>');</script>", bf.DoFormatDataValue ("<test>", true), "#A2");
+#endif
+ Assert.AreEqual (String.Format (formatString, "<test>"), bf.DoFormatDataValue ("<test>", false), "#A3");
+
+ bf.HtmlEncodeFormatString = false;
+ Assert.AreEqual ("<script>alert ('<test>');</script>", bf.DoFormatDataValue ("<test>", true), "#A4");
+
+ var ec = new EncodingTest ();
+ bf.HtmlEncodeFormatString = true;
+#if NET_4_0
+ Assert.AreEqual ("<script>alert ('<EncodingTest>&');</script>", bf.DoFormatDataValue (ec, true), "#A4");
+#else
+ Assert.AreEqual ("<script>alert ('<EncodingTest>&');</script>", bf.DoFormatDataValue (ec, true), "#A4");
+#endif
}
[Test]
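Review bot: No assertion covers `HtmlEncodeFormatString = false` with an empty `DataFormatString` and `encode` true, the combination where value encoding is easiest to lose. A case is needed that sets `bf.DataFormatString = String.Empty;` and asserts that `bf.DoFormatDataValue ("<test>", true)` returns `"&lt;test&gt;"`. The assertion labels also collide: `"#A1-2"` is used on the first two assertions and `"#A4"` on both the `"<test>"` and the `EncodingTest` cases, so a failure cannot be attributed to one line; `"#A1-1"` and `"#A5"` would fix that. As shown on this page the `#if NET_4_0` and `#else` expectations are identical and unencoded, which may be entity decoding by the page rather than the committed text, so check them against the actual file.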