This one’s fairly minor because I can understand why Microsoft have done it this way. Still, it’s bugging me this morning so here goes…
For controls such as list boxes, the contents are automatically passed through an HtmlEncode function, which means that if you have, say, a ListItem with a value of "This & that", it will actually be written out to the page as "That & that". Now I’d say that’s sensible enough – it means you don’t have to do that kind of thing yourself when putting data into lists, and it’s especially useful if you’re binding your controls to a DataSource.
On the other hand, though, if you have a label control and do:
MyLabel.Text = "That & that";
…what appears on the page is "This & that". In other words, if you want to have the value passed through Server.HtmlEncode, you have to do it yourself.
I’ve previously had a problem with some of the data I get from SAP, in that there’s a division called "NAT®". Spot the problem? The "®" bit is the HTML code for the registration symbol, ®, and so what comes out in your browser is "NAT®’. (Yes, I know the ® bit is supposed to have a semicolon on the end, but IE doesn’t need it).
So my minor gripe is: if one set of controls does automatic escaping, why doesn’t the other? After all, you can bind labels to a dataset too.