How do I prevent HTML encoding of attributes in the code behind?

问题

I have the following in my aspx.

<html>
    <body>
        <input id="but" type="button" value="ClickMe" />
    </body>
</html>

Code behind

//Pageload
but.Attributes.Add("onclick", "this.parentNode.innerHTML += '<a id=""link"" href=""mylink""></a>';document.getElementById(""link"").click();");

Rendered html

<input name="ctl00$Content$btn" type="button" id="ctl00_Content_btn" value="ClickMe" 
onclick="this.parentNode.innerHTML += '&lt;a id=&quot;link&quot; href=&quot;mylink&quot;>&lt;/a>';document.getElementById(&quot;link&quot;).click();" />

How can I get the < > " characters to render properly?

回答1:

You cannot render these characters without encoding.

From MSDN

You cannot add client-side script to a WebControl instance using the Attributes collection. To add client-side script, use the ClientScript property on the Page control.

If you insist, just render your own control.

回答2:

Thanks Aristos, this works.

Page.ClientScript.RegisterStartupScript(Me.GetType(), "butClick", "function butClick() {this.parentNode.innerHTML += '<a id=""link"" href=""mylink""></a>';document.getElementById(""link"").click();}")
but.Attributes.Add("onclick", "butClick();");

回答3:

Override your Render method for the control and add this line:

base.Attributes.Add("onclick", Page.ClientScript.GetPostBackEventReference(new PostBackOptions(this, string.Empty)));

And on the page it should render as:

onclick="__doPostBack('ctl00$ctl00$PageContent$LocalContents$button_id', '')"

Which IE should understand as a postback reference, so it shouldn't encode it. .Net should match it up with your server side event handler

回答4:

If you really want to prevent the encoding of parameters, you'll need to create your own customized control and override the AddAttributesToRender method. Obviously this isn't very flexible because you'll need to create a separate custom control for each type of control you use.

Fortunately, this is very easy and only needs a few lines of code so may work out. Here is the complete code needed for a customized button:

public class MyCustomButton : Button
{
    protected override void AddAttributesToRender(HtmlTextWriter writer)
    {
        base.AddAttributesToRender(writer);
        writer.AddAttribute("onclick", "myJavascriptFunction('a string');", false); // passing false to the AddAttribute method tells it not to encode this attribute.
    }
}

Obviously, this only appends a hard-coded onclick to the end of the attributes and may interfere if an onclick has already been provided. If you wanted to take this further, you could iterate over the actual Attributes collection and add them all this way.

回答5:

.net 4.0 has inbuilt functionality. http://msdn.microsoft.com/en-us/library/system.web.httputility.javascriptstringencode.aspx - from the docs.

来源：https://stackoverflow.com/questions/6852069/how-do-i-prevent-html-encoding-of-attributes-in-the-code-behind