ASP.NET - Display the content of a Html File on a literal control (without special characters)

Asked By shekhar kumar on 07-Dec-09 07:01 AM

Hi,
I am Displaying a HTML file on a literal control.
I am using Microsoft Word for creating the HTML file.
When I am displaying the data on literal control it is showing some special characters.
How can I remove those characters. Should I use some encoding (response encoding ) in the page directive or there is some other way.
The code for display the file is following

try
{
      string path = Server.MapPath(dsSubItem.Tables[0].Rows[0]["SubItem_FileName"].ToString());
      if (dsSubItem.Tables[0].Rows[0]["SubItem_FileName"].ToString() != "")
      {
            using (StreamReader reader = File.OpenText(path))
            {
                     string fileContents = reader.ReadToEnd();
                      this.Literal1.Text = Server.HtmlDecode(fileContents);
             }
        }
        else
        {
               Literal1.Text = "<b><font familiy='Verdana'>File Does not Exist. </font></b>";
         }
   }
   catch (FileNotFoundException ex)
   {
         Literal1.Text = "<b><font familiy='Verdana'>File Does not Exist. </font></b>";
     }
     catch (Exception ex)
     {
             Literal1.Text = "<b><font familiy='Verdana'>Access Denied. </font></b>";
       }

Thanks
Shekhar

Do Server.HtmlEncode

Huggy Bear replied to shekhar kumar on 07-Dec-09 07:06 AM

The issue is your are doing a HtmlDecode, which will convert blank space to   and such things. So please use Server.HtmlEncode which assigning the text to the LiteralControl Modify your code as shown below.

   try
   {
      string path = Server.MapPath(dsSubItem.Tables[0].Rows[0]["SubItem_FileName"].ToString());
      if (dsSubItem.Tables[0].Rows[0]["SubItem_FileName"].ToString() != "")
      {
            using (StreamReader reader = File.OpenText(path))
            {
                     string fileContents = reader.ReadToEnd();
            	     //Use encoding instead of decode.
                     this.Literal1.Text = Server.HtmlEncode(fileContents);
             }
        }
        else
        {
               Literal1.Text = "<b><font familiy='Verdana'>File Does not Exist. </font></b>";
         }
   }
   catch (FileNotFoundException ex)
   {
         Literal1.Text = "<b><font familiy='Verdana'>File Does not Exist. </font></b>";
   }
   catch (Exception ex)
   {
         Literal1.Text = "<b><font familiy='Verdana'>Access Denied. </font></b>";
   }

Use HTML.Encode

Venkat K replied to shekhar kumar on 07-Dec-09 07:22 AM

When you are generating the dynamic HTML and display on page you need to do a proper encoding (to overcome the cross-side scripting).

when dynamically create HTML tags and construct tag attributes with potentially unsafe input, make sure you HTML-encode the tag attributes before writing them out.

The following .aspx page shows how you can write HTML directly to the return page by using the <asp:Literal> control. The code takes user input of a color name, inserts it into the HTML sent back, and displays text in the color entered. The page uses HtmlEncode to ensure the inserted text is safe.

<%@ Page Language="C#" AutoEventWireup="true"%>

<html>
<form id="form1" runat="server">
    <div>
      Color: <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
      <asp:Button ID="Button1" runat="server" Text="Show color"
         OnClick="Button1_Click" /><br />
      <asp:Literal ID="Literal1" runat="server"></asp:Literal>
    </div>
</form>
</html>

<script runat="server">
private void Page_Load(Object Src, EventArgs e)
{
    protected void Button1_Click(object sender, EventArgs e)
    {
      Literal1.Text = @"<span style=""color:"
        + Server.HtmlEncode(TextBox1.Text)
        + @""">Color example</span>";
    }
}
</Script>

Thanks,

thanks

shekhar kumar replied to Huggy Bear on 07-Dec-09 07:25 AM

Thanks for the response but when I am using HtmlEncode(name);
It is showing all the text with the html tags like (<html> etc);

I want to show only the text of the html page.

Thanks.

Re

Huggy Bear replied to shekhar kumar on 07-Dec-09 08:08 AM

Can you replace the Literal with a DIV tag. It will allow you to set the InnerHtml value for the control.

1. Create a DIV tag

2. Provide an ID for it

3. Make it runat="server"

4. Assingn the text as htmlDiv.InnerHtml = "Html Text";

Thanks for the response.

shekhar kumar replied to Huggy Bear on 07-Dec-09 08:18 AM

Thanks for the response but when there is single quotes( ‘) it is showing as follows.
� and other special characters.
My code is below
Literal1.InnerHtml = Server.HtmlDecode(fileContents);
where Literal1 is a html div
and many other encodes.

Thanks.

Strange.

[)ia6l0 iii replied to shekhar kumar on 07-Dec-09 12:29 PM

Which browser do you use , and which version is it?

These are called as Meta characters and all new browsers support it. If the browser does not support, you would see your single quotes appearing as question symbols.

HTML Encode should ideally take care of this.

Re

Huggy Bear replied to shekhar kumar on 07-Dec-09 11:38 PM

Try doing an encode and then set the text to the div instead of decoding.

Literal1.InnerHtml = Server.HtmlEncode(fileContents);

Thanks for the response.

shekhar kumar replied to [)ia6l0 iii on 08-Dec-09 12:58 AM

In IE 8, Mozilla Firefox(3.5.5), Safari all of the browsers showing the special characters.
The link of the page is http://59.144.174.161/unaidsguyana/DisplayMore.aspx?chkey=27&subchkey=0&itemid=120&ChannelName=About%20Us&SubChannelName=none&SubItemID=0

Thanks.
shekhar.

Thanks for the response.

shekhar kumar replied to Huggy Bear on 08-Dec-09 01:04 AM

When I am using HtmlEncode it is showing all the tags.
But if I am using Server.HtmlDecode(fileContents)
I am getting the special characters.

Thanks
Shekhar.

Re

Huggy Bear replied to shekhar kumar on 08-Dec-09 01:52 AM

Did you try setting the InnerHtml of div with encode? I suppose that you previously tried it with the literal.

Thanks

shekhar kumar replied to Huggy Bear on 09-Dec-09 04:19 AM

I have tried it but still the result is same. I have a website running in asp which has similar thing but that is running fine. Am I missing something.

Thanks
Shekhar.