Thursday, December 21, 2006

The Literal Server Control of ASP.NET 2.0

The best use for the Literal control is in scenarios where you want to render text and controls directly into a page without any additional markup.

The Literal control contains the Mode property, which is used to specify particular handling of the content of the Text property:

Mode : Description
PassThrough : The Text content is rendered as is.
Encode : The Text content is HTML-encoded.
Transform : The Text content is converted to match the markup language of the requesting browser, such as HTML, XHTML, WML, or cHTML. If the markup language is HTML or XHTML, the content is passed through to the browser.

Security Alert:
By default, populating the Literal control with data from untrusted sources can create Cross Site Scripting (XSS) vulnerabilities. Set the Mode property to Encode to provide HTML encoding of untrusted data that will be placed into the Text property.
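
The three modes side by side, as an added example that is not part of the original post. The control IDs and the sample string are constructed for illustration; the string stands in for any value read from an untrusted source.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Added example, not from the original post.
    // Constructed sample value standing in for untrusted data
    // (for instance a user-supplied comment loaded from a database).
    private const string Untrusted = "<b>constructed sample</b>";

    protected void Page_Load(object sender, EventArgs e)
    {
        // The same string goes into every control; only Mode differs.
        litPassThrough.Text = Untrusted;
        litTransform.Text = Untrusted;
        litEncode.Text = Untrusted;
    }
</script>
<html>
<body>
    <form id="form1" runat="server">
        <%-- Weak: the Text content is rendered as is, so markup in the
             data becomes live markup in the page. --%>
        <asp:Literal ID="litPassThrough" runat="server" Mode="PassThrough" />

        <%-- Weak for HTML/XHTML browsers: Transform (the default when Mode
             is not set) passes the content through to the browser. --%>
        <asp:Literal ID="litTransform" runat="server" Mode="Transform" />

        <%-- Hardened: the Text content is HTML-encoded, so the browser
             displays the angle brackets as text instead of parsing a tag. --%>
        <asp:Literal ID="litEncode" runat="server" Mode="Encode" />
    </form>
</body>
</html>
```

Viewing the page source shows which controls emitted the tag unchanged and which one emitted it as character entities.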