Insert html tag to a Database as a String and retrieve it back in C#

Question

I want to insert html tag to a Database as a String and retrieve it back. after retrieved it ,I want to bind it in Grid.

as a example

String word = "<h1>This is Heading </h1> \n <h2>This is body</h2> \t This is after tab";

after I bind to the grid it should be

This is Heading(in a big font size)

This is body(in small font) - (tab space) This after tab

However this way is not working. It shows <h1>This is Heading </h1> \n <h2>This is body</h2> \t This is after tab word instead of applying real HTML behavior. I tryout with '\' special character removal but it remain same result.

Please help me.

Answer 1

you can bind your text in literal control it will represent the actual HTML formatted text. like :

ltrlMsg.Text="<div class=\"Message Success\"> Your Message has been sent successfully! </div>"

or you can bind in you grid too.

Answer 2

Saving into DB is not a problem, you can save directly the string into DB,But when displaying on UI you must use HttpUyility.HtmlEncode(), else it will invite Javascript Hacking.

But if you are entering data from WebPage, make sure Input Validations are turned off Else you will get XSS script attack error.

Answer 3

Exactly which control are you using? Most of them will escape html like that for you, and to get it to be written 'as-is' you have to set a property.

If you're using GridView, then you can set the HtmlEncode on your BoundColumn to false.

http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.boundfield.htmlencode.aspx

If you're using AutoGenerateColumns, see this SO thread: Prevent HTML encoding in auto-generated GridView columns