@sangam56
Thanks for the link sangam! It's really informative.
The only thing is that it's probably not a good idea to be writing JavaScript into Labels as suggested by the article because the web application could be configured to use Server.HtmlEncode on all incoming/outgoing text.
This method will substitute characters that have HTML meaning into their ascii equivalent to protect the server and end user from any malicious code that may have been retrieved...
For example if you set the text of a label to the following:
myLabel.Text = "<script>alert('Hello World!');</script>"
It will normally be rendered as:
-
<span id="myLabel">
-
<script type="text/javascript"> alert('Hello World'); </script>
-
</span>
The angled brackets ( <> ) are special characters in HTML: they are used to indicate elements. So the Browser sees that there's a script tag and executes the JavaScript with it.
But if the server is using the Server.HtmlEncode() method the label will be rendered as:
-
<span id="myLabel">
-
< script type="text/javascript" > alert('Hello World'); < /script >
-
</span>
The angled brackets are replaced with their ascii equivilent and the browser prints the script in the page instead of executing JavaScript code.
@balame2004
This is getting a bit closer because the HtmlEncode method isn't going to mess with the JavaScript however when you use the Response.Write method in your VB or C# code it can end up anywhere in the HTML...
This means that it's likely that the JavaScript will be written outside of the HTML....
For example, if you were to use the above Response.Write method it would probably place the JavaScript as such in the HTML:
-
<script language='javascript'>alert('MessageBox')</script>
-
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml">
-
<head>
-
<title></title>
-
</head>
-
<body>
-
<!-- your page content goes here -->
-
</body>
-
</html>
This makes the HTML invalid because the JavaScript is out side of the document. The JavaScript should be placed in the <head> section or <body> section:
For example:
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml">
-
<head>
-
<title></title>
-
<!--
-
The script can be placed here or in the body to make it valid
-
-->
-
<script language='javascript'>//alert('MessageBox')</script>
-
</head>
-
<body>
-
<script language='javascript'>alert('MessageBox')</script>
-
<!-- your page content goes here -->
-
</body>
-
</html>
The Response.Write() method should only ever be called from the ASP code...instead of being used in your C# or VB code behind.
So, both of solutions may or may not work...depending on server configuration and how/where the JavaScript is written in the HTML (and how the Browser treats the invalid HTML).
I would recommend something completely different.
Create a Protected Property that indicates whether or not the alert needs to be displayed. A property with a Protected scope will make it available to the ASP code. You can use the Response.Write() method in the ASP code to ensure that it is writing to a valid place in the HTML....and dynamically create your script as such....
(Please note that <%= %> is the ASP short hand for <% Response.Write(""); %>...
Also please note that any thing in <% %> is executed on the server...so this should be C# code or VB.NET code...in this case I'm using VB.NET and so there are no semicolons (;) in the <% %> tags but if you were using C# you would need to use proper C# syntax)
ASP code:
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
<html xmlns="http://www.w3.org/1999/xhtml">
-
<head>
-
<title></title>
-
</head>
-
<body>
-
<script language='javascript'>
-
var shouldDisplayAlert = '<%= ShouldDisplayMessage() %>';
-
if(shouldDisplayAlert == 'true' || shouldDisplayAlert == 'True'){
-
alert( '<%= TheMessage() %>');
-
}
-
</script>
-
-
</body>
-
</html>
In the VB or C# code you would have to define 2 properties to make the above code work:
- the ShouldDisplayMessage property that returns true or false to indicate whether or not to display the message
- and the TheMessage property which returns a string containing the message to display
VB code:
-
Private _message As String ="" 'This string can be set any where in your Code Behind to say anything you want to say in the message box
-
-
Private _displayMessage As Boolean = False 'This boolean indicates whether or not the message box should be displayed...it can be set anywhere in your code behind as well....
-
-
Protected Property TheMessage As String
-
Get
-
return message
-
End Get
-
Set (ByVal value As String)
-
message = value
-
End Set
-
End Property
-
-
Protected Property ShouldDisplayMessage As Boolean
-
Get
-
return displayMessage
-
End Get
-
Set (ByVal value As Boolean)
-
displayMessage = value
-
End Set
-
End Property
-
You could also use the methods available to you in the Page.ClientScript class to register dynamic JavaScript with the page so that it is placed properly in the HTML....
Or you can use the ScriptManager if your site is Ajax Enabled to register your Scripts....or even the ScriptManagerProxy class.
There are a lot of ways to do it but I find that the above technique is easiest in a lot of cases.
See
how to use JavaScript in ASP.NET for an example of how to use the Page.ClientScript to register your dynamic JavaScript with the page.
83
