Code: Select all
<asp:LinkButton ID="D" runat="server" ToolTip="Delete" CommandName="Do_Delete" CommandArgument='<%#Eval("Id")%>' OnClientClick='<%# Eval("Name", "return confirm(\"Are you sure you want to delete {0}?\")") %>'>
<asp:Image ID="DI" runat="server" SkinID="DeleteIcon" />
</asp:LinkButton>
Code: Select all
<a onclick="return confirm("Are you sure you want to delete ProductName" Long?");" id="ctl00_MainContent_PG_ctl17_D" title="Delete" href="javascript:__doPostBack('ctl00$MainContent$PG$ctl17$D','')">
<img id="ctl00_MainContent_PG_ctl17_DI" src="../../App_Themes/FrescaAdmin/Images/Icons/delete.gif" align="absmiddle" />
</a>
Code: Select all
onclick="return confirm("Are you sure you want to delete ProductName - 30" Long?");"
Code: Select all
confirm("Are you sure you want to delete ProductName - 30" Long?");This is a tough problem to solve for a couple reasons. First, you need to handle the possibility of both single and double quotes in a product name if you are going to display it like this. Second, you can't even pre-encode the product name because passing " to the confirm function is not valid because it does not html decode the string so you literally see """ in the message.
My guess is that this will render those products undeletable in the database because if the user clicks the delete button the javascript call will fail and the delete code will never run.
My recommendation is to:
* Remove the name from the popup (which I don't like much because it's extra assurance that they clicked the right button)
* Check for " or ' in the name and don't show the name for those products (that's a bit better at least)
* Remove " or ' from the name. The name won't be as clear but at least it'll still show up. (the best of the non-ideal options in my opinion)
I decided to go with option 3.
My implementation is not the best but it'll certainly do until Able comes up with a more elegant fix.
I created a new helper class file in App_Code (though you could add this to an existing helper but you'll have to migrate during updates if you do). My helper looks like this:
Code: Select all
namespace AbleCommerce.Code
{
using System;
public class MyHelpers
{
public static string FormatForJSArg(string format, object arg)
{
var safe = arg.ToString().Replace("'", "").Replace("\"", "");
return string.Format(format, safe);
}
}
}
Code: Select all
OnClientClick='<%# AbleCommerce.Code.MyHelpers.FormatForJSArg("return confirm(\"Are you sure you want to delete {0}?\")", Eval("Name")) %>'
Note, my FormatForJSArg is not a general purpose replacement for string.Format. It doesn't respect certain formatting options. For instance, if the original format string was intended to work with input that is not a string then it will no longer work right because I have to force the input to be a string. It should be fine with any format string intended to have string input but don't go around replacing string.Format() or Eval() with my version without knowing what you are doing and testing it out with your data. (No warranty expressed or implied, your mileage may vary, void where prohibited, batteries not included, etc.)
I hope this helps and I look forward to R7 including a much better fix than this.
.com