Microsoft KB Archive/815186

= BUG: InnerText and InnerHTML Encoding Does Not Work as Expected =

Article ID: 815186

Article Last Modified on 4/30/2003

-

APPLIES TO


 * Microsoft ASP.NET 1.0
 * Microsoft ASP.NET 1.1

-



SYMPTOMS
When you use the InnerHtml property of a HtmlTextArea control on the server side to prevent automatic encoding that is performed with ASP.NET, the InnerHtml property does not prevent the encoding of special characters to HTML entities. For example, when the InnerHtml property is set to 'Hello', the angle bracket characters are converted to &lt; and &gt; respectively, and the text displayed on the page is ' Hello '.

When you use the InnerText property of a HtmlTextArea control on the server side to provide automatic HTML encoding, the InnerText property does not encode special characters to HTML entities. For example, when the InnerText property is set to 'Hello', the angle bracket characters are not converted to &lt; and &gt; respectively. Because of this, the browser detects the  tags and displays the text &quot;Hello&quot; in bold type.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
When the InnerHtml property of HtmlContainerControl is used to set special characters, it automatically encodes special characters to and from HTML entities. For more information about this control, visit the following Microsoft Developer Network (MSDN) Web site:

Shared HTML Control Properties

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconsharedhtmlcontrolproperties.asp

Steps to Reproduce the Behavior
 In Microsoft Visual Studio .NET, create a new ASP.NET Web Application project by using Microsoft Visual Basic .NET or Microsoft Visual C# .NET. By default, WebForm1.aspx is created. Right-click WebForm1, and then click View HTML.  Replace the existing code with the following code:

Visual Basic .NET
<%@ Page Language=&quot;vb&quot; %>    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Response.Write(TEXTAREA1.InnerHtml) End Sub

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Response.Write(TEXTAREA1.InnerText) End Sub    </P> <P> </P> <P><TEXTAREA id=&quot;TEXTAREA1&quot; name=&quot;TEXTAREA1&quot; rows=&quot;2&quot; cols=&quot;20&quot; runat=&quot;server&quot;> </TEXTAREA></P> <P> <asp:Button id=&quot;Button1&quot; runat=&quot;server&quot; Text=&quot;InnerHtml&quot; OnClick=&quot;Button1_Click&quot;></asp:Button> <asp:Button id=&quot;Button2&quot; runat=&quot;server&quot; Text=&quot;InnerText&quot; OnClick=&quot;Button2_Click&quot;></asp:Button></P> </HTML>

Visual C# .NET
<%@ Page Language=&quot;C#&quot; %> <HTML>  <script language=C# runat=&quot;server&quot;> private void Button1_Click(System.Object sender, System.EventArgs e)        { Response.Write(TEXTAREA1.InnerHtml); }

private void Button2_Click(System.Object sender, System.EventArgs e)        { Response.Write(TEXTAREA1.InnerText); }  </HEAD> <form id=&quot;Form1&quot; method=&quot;post&quot; runat=&quot;server&quot;> <P> </P> <P> </P> <P><TEXTAREA id=&quot;TEXTAREA1&quot; name=&quot;TEXTAREA1&quot; rows=&quot;2&quot; cols=&quot;20&quot; runat=&quot;server&quot;> </TEXTAREA></P> <P> <asp:Button id=&quot;Button1&quot; runat=&quot;server&quot; Text=&quot;InnerHtml&quot; OnClick=&quot;Button1_Click&quot;></asp:Button> <asp:Button id=&quot;Button2&quot; runat=&quot;server&quot; Text=&quot;InnerText&quot; OnClick=&quot;Button2_Click&quot;></asp:Button></P> </HTML> Note Add ValidateRequest=&quot;false&quot; attributes to the @Page directive in ASP.NET version 1.1. </li> On the Debug menu, click Start to run the application.</li> In the text area, type Hello, and then click InnerHtml or InnerText.</li></ol>

<div class="references_section">