Nov 30, 2009 at 7:52 AM
Edited Nov 30, 2009 at 7:52 AM
I use HAP to parse HTML output on the fly from an ASP.NET filter I developed called
Secure Parameter Filter (SPF). An SPF user pointed out an odd scenario that I figured I would post here to get an official response. Essentially the text from an asp:linkbutton
was being swallowed when it contained an un-encoded < or > character.
For example, the following code:
<asp:LinkButton ID="Foo" runat="server" Text="< BAR" Font-Size="8" Font-Bold="true"></asp:LinkButton>
normally produces the following HTML:
However, if the page is loaded into HAP and then rendered back out, it produces the following:
So HAP appears to be parsing the '<' in the string "< BAR" and then incorrectly "fixing" the HTML by replacing "BAR" with a '>'
The workaround I suggested was to HTML encode the '<' so that the string renders as "< BAR" instead. This worked perfectly and is arguably the way that value should have been represented in the first place, however I am
curious to hear whether this is a scenario that HAP should be able to handle. You can find the original thread
here for reference.