Share via


Using “Disable Output Escaping” in Data View

Hi everyone, Saiyue Yu here. 

For any field that may be rendered by SharePoint as HTML, you need to disable output escaping. At the code level, this essentially means setting disable-output-escaping = “yes” attribute for the field’s xsl:value-of tag in the Data View. When you do this, make sure that your data source is trustworthy because of the potential security risk for cross site scripting.

Usually the user doesn’t have to worry about output escaping for SharePoint Data Views. Before a Data View is created, Sharepoint Designer retrieves the data types for the selected fields. If a field is Rich Text, which will be rendered as HTML, disabling output escaping is automatically completed.

There are cases when the field schema information is not available, or not considered. The former case can happen when you insert a Data View for a RSS feed. For example, when you create a Data View for New York Times RSS Feed for Education (https://www.nytimes.com/services/xml/rss/nyt/Education.xml, you can do it by clicking MenuBar > Data View > Manage Data Sources to bring up the Data Source Library task pane, and then add the XML file,) the rendering of the description column is Text instead of Rich Text. Because there is no schema information for SharePoint Designer to know that the description column should be rendered as Rich Text, SharePoint Designer renders the column as the fallback type which is Text .

clip_image002

There are also cases when the field schema information is available but not considered by SharePoint Designer, and drag-n-dropping is such a case. For example, you have a Data View to display the food category information from a SharePoint List. When you created the Data View, you chose to show only CategoryID and Title columns. Later you decide to add the Description field, and it is done by adding another column to the Data View and drag-n-dropping the Description field from the Data Source Details Task Pane. Although the data type for the Description field is Rich Text and the schema has this information, but since the schema information is not considered in the drag-n-dropping situation, the rendering of this Rich Text field will contain escaped sequence like & :

clip_image004

To correct the rendering, you can bring up the Common xsl:value-of Tasks dialog for the field, and choose to format the field as Rich Edit:

clip_image005

Once output escaping is disabled, you will see the HTML content correctly rendered:

clip_image006

clip_image007

Thanks,

Saiyue Yu

Comments

  • Anonymous
    September 20, 2008
    PingBack from http://hoursfunnywallpaper.cn/?p=7090

  • Anonymous
    September 20, 2008
    It might be worth noting that you can also change the ItemStyle for summary links descriptions and page descriptions to disable output escaping, which in turn displays HTML tags as they should.  I don't know why you guys didn't make this a UI option in SharePoint's web UI instead of forcing output escaping in the most difficult areas to modify. WARNING:  Some thinking may be required.

  • Anonymous
    September 23, 2008
    Una vez más, os presentamos el recopilatorio (con periodicidad mensual) de recursos interesantes que

  • Anonymous
    October 14, 2008
    I'm doing a Joined Subview from a Linked Source.  List B has a Lookup column to the Title column of List A, and the join is on those columns.  However, when I view the Data Source Details of the dsQueryResponse, the Lookup column of List B has escaped content, while the Title column of List B does not.  As a result, the XPath expression doing the join fails if the Title column contains these characters <>&"' being escaped.  Any solutions?