By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,515 Members | 1,339 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,515 IT Pros & Developers. It's quick & easy.

customer modify .aspx file in a form

P: n/a
I am developing an ASP.Net application for a client and they need to
modify the page layout from within a form. like the way you edit a
blog template in Blogger. what is the best approach to do that in is there a better (and more secure) way than setting
permissions so they can edit the .ASPX files in a form? is there any
way to use variables in that template instead of <asp:label ...> like
the blogger templates?
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies

P: n/a
Do not allow your customer to edit the .aspx files
This is a huge security hole, because your customer can add arbitrary code a la <%# /* arbitrary code goes here */ %>

If they need to modify the layout, try to generate html in such a way that this can be done using CSS.
Nov 18 '05 #2

P: n/a
I don't know anything about blogger, but failing the CSS solution you could try something like this
(I appologize for the code quality, I just whipped this up as a proof of concept

<%@ Page language="c#" Codebehind="WebForm1.aspx.cs" AutoEventWireup="false" Inherits="template.WebForm1" %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" ><HTML><HEAD><title>WebForm1</title><meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"><meta content="C#" name="CODE_LANGUAGE"><meta content="JavaScript" name="vs_defaultClientScript"><meta content="" name="vs_targetSchema"></HEAD><body><form id="Form1" method="post" runat="server"><asp:panel id="panelTemplate" runat="server"
First Name: <asp:TextBox id="FirstName" runat="server"></asp:TextBox><BR
Last Name: <asp:TextBox id="LastName" runat="server"></asp:TextBox><BR><asp:Button id="Update" runat="server" Text="Update"></asp:Button><BR><asp:Label id="FullName" runat="server"></asp:Label></asp:panel><asp:placeholder id="placeHolder" runat="server"></asp:placeholder></form></body></HTML

public class WebForm1 : System.Web.UI.Pag

protected System.Web.UI.WebControls.Panel panelTemplate
protected System.Web.UI.WebControls.TextBox FirstName
protected System.Web.UI.WebControls.TextBox LastName
protected System.Web.UI.WebControls.Button Update
protected System.Web.UI.WebControls.Label FullName
protected System.Web.UI.WebControls.PlaceHolder placeHolder

private void Page_Load(object sender, System.EventArgs e)
string templateString
@"<TABLE><TR><TD>Last Name:</TD><TD>{LastName}</TD></TR><TR><TD>First Name:</TD><TD>{FirstName}</TD></TR><TR><TD></TD><TD>{Update}</TD></TR><TR><TD colspan=""2"">{FullName}</TD></TR></TABLE>"

Template.Apply( placeHolder, panelTemplate, templateString )
#region Web Form Designer generated cod
override protected void OnInit(EventArgs e)
private void InitializeComponent() {
this.Update.Click += new System.EventHandler(this.Update_Click)
this.Load += new System.EventHandler(this.Page_Load)


private void Update_Click(object sender, System.EventArgs e

FullName.Text = string.Format( "{0} {1}", FirstName.Text, LastName.Text )

public class Template
public static void Apply( PlaceHolder ph, Control pt, string template )
SortedList sl = new SortedList()
// Get the order that the controls appear in the templat
string unquoted = Unquote( template );
GetControlOrder( pt.Controls, unquoted, sl )
int pos = 0
string t
LiteralControl lc
for ( int i = 0; i < sl.Count; i++ )
int index = (int)sl.GetKey(i)
Control c = (Control)sl.GetByIndex(i)
t = unquoted.Substring( pos, index - pos )
pos = index + c.ID.Length + 2
lc = new LiteralControl( Quote( t ) )
ph.Controls.Add( lc )
ph.Controls.Add( c )

t = unquoted.Substring( pos )
lc = new LiteralControl( Quote( t ) )
ph.Controls.Add( lc )
pt.Visible = false
private static void GetControlOrder( ControlCollection cc, string template, SortedList sl )
foreach ( Control c in cc )
int i = template.IndexOf( string.Format( "{{{0}}}", c.ID ) )
if ( i != -1 )
sl[i] = c

GetControlOrder( c.Controls, template, sl )

private static string Unquote( string t )
return t.Replace( "{{", "{{\t" ).Replace( "}}", "\t}}" )
private static string Quote( string t )
return t.Replace( "{{\t", "{{" ).Replace( "\t}}", "}}" )

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.