Ad

Encoded Character Is Used Instead The Correct One

- 1 answer

I have a little problem and I'm hopping that you can help me solve this annoying issue.

I need to use an iFrame in an administration panel to let users use the selection service, and in the HTML I have:

<iframe scrolling="yes" runat="server" title="Par Selection" id="iFrame"
    frameborder="0" enableviewstate="true" width="100%" height="490" />

in my code-behind file I have:

iFrame.Attributes.Add("src", String.Format(
            "https://www.parurval.se/urval/?username={0}&password={1}",
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Username),
            parSettings.GetSettings(parSettings.SettingsType.PARSelection, parSettings.SectionType.Password)));

The output is this:

<iframe id="tcMain_tabPARSelection_iFrame" scrolling="yes" title="Par Selection" 
   frameborder="0" width="100%" height="490" 
   src="https://www.parurval.se/urval/?username=myUsername&amp;password=myPassword">
</iframe>

Please note the &amp; instead & sign in the src address when passing username and password

How can I prevent this?

I tried with HttpUtility.Decode( myCompleteUrl ) but with the same achievement :(

The worst thing is, if the src code has only the address

... src="https://www.parurval.se/urval/" ...

I'm not able to input the user/pwd, I see the form and I can enter text, but it does nothing, it only refreshes the iframe inner page, doing this in a full window, works fine.

And in that administration panel I have a textbox to the user add the username and password in order that entering the Administration page, I will jump directly to the service in the iFrame so the user does not need to enter user/pwd to login every time, that is way I'm trying to add those values dynamically.

Any ideas?

Added: If I put the correct URL address (with user and pwd) in the iFrame src attribute in the HTML side (not dynamically) all works fine :(

Ad

Answer

The presense of the &amp; is actually correct there. Most browsers are forgiving enough not to choke on just seeing & there, but it's technically not correct.

Ad
source: stackoverflow.com
Ad