ASP.NET inline code in a server control

Ok, we had a problem come up today at work. It is a strange one that I never would have even thought to try.

<form id="form1" runat="server" method="post" action="Default.aspx?id=<%= ID %>" >

Ok, it is very ugly and I wouldn't have ever tried it myself. It came up in some code that was written years ago but had been working up until this weekend after a bunch of updates were installed on a client's web server where the code is hosted.

The actual result of this is the following html:

<form name="form1" method="post" action="Default.aspx?id=&lt;%= ID %>" id="form1">

The url ends up like this:

http://localhost:6735/Default.aspx?id=<%= ID %>

Which as you can see, demonstrates that the "<" symbol is being encoded before ASP.NET actually processes the page. It seems strange to me as I thought that even though it is not pretty by any means, it should work. I'm confused.

To make matters worse, the client insists that it is a bug in IE since it appears to work in Firefox. In fact, it is broken in Firefox as well, except for some reason Firefox treats it as a 0.

Any ideas on why this happens and how to fix it easily? Everything I try to render within the server control ends up getting escaped.

Edit Ok, I found a "fix"

<form id="form1" runat="server" method="post" action='<%# String.Format("Default.aspx?id={0}", 5) %>' >

But that requires me to call DataBind 开发者_如何学JAVAwhich is adding more of a hack to the original hack. Guess if nobody thinks of anything else I'll have to go with that.

---

ASP.NET 3.5 added the "Action" property to the HtmlForm control. Your previous code worked just fine because "action" was just a string, and the code nugget would emit the additional data for you. Now that there is an Action property, you can't use a simple code emit nugget, since a server-side control expects a property to have a literal string value (same as any other server-side control property).

Your workaround of using the biding syntax is correct. To make it work like it used to, you would have to remove the runat=server tag on your form, which would then prevent the ASPX parser from treating it as an HtmlForm control, and instead treat it as a literal (where your code emit nugget would be allowed to work).

Your other option, which may be much cleaner - is to simply set the Form's action property through code-behind in the page_load. The reason the action property is set the way it is, was because in earlier versions of .NET Framework, there was no support for setting the Action property.

---

your form needs a runat=server