Dear All,
As mentioned in subject, I am using GridView in my page. It was working till the time I have unsafe-inline mentioned in content security policy. However, now same has to remove due to security issues. After removing it, edit/update/cancel events with file download click events stopped working.
Kindly help and suggest.
What I have tried:
I have added
addEventListener
in separate Java script file. It is adding the events, however on editing it is catching last index of records.
Quote:
<asp:GridView ID="gv_Master" HorizontalAlign="Center" runat="server" Width="100%" AutoGenerateColumns="False" DataKeyNames="ID" EmptyDataText="No records found.">
<HeaderStyle CssClass="gvHeader" />
<Columns>
<asp:TemplateField HeaderText="Action" ItemStyle-Width="4%">
<ItemTemplate>
<asp:LinkButton ID="btnEdit" Text="Edit" runat="server" CommandName="Edit" CommandArgument="Edit" />
</ItemTemplate>
<EditItemTemplate>
<asp:LinkButton ID="btnUpdate" Text="Update" runat="server" CommandName="Update" CommandArgument="Update" />
<asp:LinkButton ID="btnCancel" Text="Cancel" runat="server" CommandName="Cancel" CommandArgument="Cancel" />
</EditItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Id" Visible="false">
<ItemTemplate>
<asp:Label ID="lblID" runat="server" Text='<%# Eval("ID")%>'></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Left" />
</asp:TemplateField>
<asp:TemplateField HeaderText="No." ItemStyle-Width="6%">
<ItemTemplate>
<asp:Label ID="NO" runat="server" Text='<%# Eval("NO")%>' Style="text-transform: uppercase"></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Left" Wrap="True" />
</asp:TemplateField>
<asp:TemplateField HeaderText="Name" ItemStyle-Width="24%">
<ItemTemplate>
<asp:Label ID="NAME" runat="server" Text='<%# Eval("NAME")%>' Style="text-transform: uppercase"></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Left" />
</asp:TemplateField>
<asp:TemplateField HeaderText="Active Status" ItemStyle-Width="10%">
<ItemTemplate>
<asp:DropDownList ID="ddlActive" runat="server" Enabled="false" SelectedValue='<%# Eval("[BEM_ACTIVE]")%>'>
<asp:ListItem Value="1" Text="Active"></asp:ListItem>
<asp:ListItem Value="0" Text="De - active"></asp:ListItem>
</asp:DropDownList>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Download Files" ItemStyle-Width="18%">
<ItemTemplate>
<asp:LinkButton ID="hl_file" runat="server" Text='<%# Eval("File")%>' CommandArgument='<%# Eval("File_Path")%>' CommandName='lnkAttachment'></asp:LinkButton>
</ItemTemplate>
<ItemStyle HorizontalAlign="Left" />
<EditItemTemplate>
<asp:FileUpload runat="server" ID="fld_file" />
<asp:LinkButton ID="hl_file" runat="server" Text='<%# Eval("File")%>' CommandArgument='<%# Eval("File_Path")%>' CommandName='lnkAttachment'></asp:LinkButton>
</EditItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Reason" ItemStyle-Width="18%">
<ItemTemplate>
<asp:Label ID="REASON" runat="server" Text='<%# Eval("REASON")%>' Style="text-transform: uppercase"></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Left" />
<EditItemTemplate>
<asp:TextBox ID="REASON" runat="server" Text='<%# Bind("REASON")%>' Width="90%" MaxLength="200" Style="text-transform: uppercase"></asp:TextBox>
</EditItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
Public Sub binddata()
Dim dsExeRpt As New DataTable
con = New SqlClient.SqlConnection(System.Configuration.ConfigurationManager.AppSettings("MyConnectionString"))
Cmd = New SqlClient.SqlCommand("GET_MasterData", con)
Cmd.CommandType = CommandType.StoredProcedure
con.Open()
dr = Cmd.ExecuteReader
dsExeRpt.Load(dr)
If dsExeRpt.Rows.Count > 0 Then
gv_Master.DataSource = dsExeRpt
gv_Master.DataBind()
gv_Master.Visible = True
Else
gv_Master.DataSource = dsExeRpt
gv_Master.DataBind()
gv_Master.Visible = True
End If
dr.Close()
dr.Dispose()
con.Close()
End Sub
Protected Sub gv_MemMaster_RowCancelingEdit(sender As Object, e As GridViewCancelEditEventArgs) Handles gv_Master.RowCancelingEdit
gv_Master.EditIndex = -1
Session("Edit") = 0
binddata()
End Sub
Protected Sub gv_MemMaster_RowCommand(sender As Object, e As GridViewCommandEventArgs) Handles gv_Master.RowCommand
If e.CommandName = "lnkAttachment" Then
DocumentUploadDownload.ClsFileDownload.DocumentDownload(e.CommandArgument.ToString())
End If
End Sub
Protected Sub gv_MemMaster_RowEditing(sender As Object, e As GridViewEditEventArgs) Handles gv_Master.RowEditing
gv_Master.EditIndex = e.NewEditIndex
row = gv_Master.Rows(gv_Master.EditIndex)
ID = gv_Master.DataKeys(row.RowIndex)("ID")
hd_gvIndex.Value = row.RowIndex
Session("Edit") = 1
binddata()
End Sub
var gv_Master= document.getElementById('gv_Master');
if (gv_Master!= null) {
for (var rowId = 1; rowId < gv_Master.rows.length; rowId++) {
var InnerText = gv_Master.rows[rowId].cells[0].children[0].innerText;
if (InnerText == 'Edit') {
var btnEdit = gv_Master.rows[rowId].cells[0].children[0].id;
var Ehref = gv_Master.rows[rowId].cells[0].children[0].href.replace("javascript:__doPostBack(", "");
var Ehref1 = Ehref.replace(",'')", "");
var Ehref2 = Ehref1.replace("'", "");
var EhreFinal = Ehref2.replace("'", "");
var btnEdit = document.getElementById(btnEdit, gv_Master);
btnEdit.addEventListener('click', function () { __doPostBack(EhreFinal, ''); }, false);
}
if (InnerText == 'Update') {
var btnUpdate = gv_Master.rows[rowId].cells[0].children[0].id;
var Uhref = gv_Master.rows[rowId].cells[0].children[0].href.replace("javascript:__doPostBack(", "");
var Uhref1 = Uhref.replace(",'')", "");
var Uhref2 = Uhref1.replace("'", "");
var UhreFinal = Uhref2.replace("'", "");
var btnUpdate = document.getElementById(btnUpdate, gv_Master);
btnUpdate.addEventListener('click', function () { __doPostBack(UhreFinal, ''); }, true);
var btnCancel = gv_Master.rows[rowId].cells[0].children[1].id;
var Chref = gv_Master.rows[rowId].cells[0].children[1].href.replace("javascript:__doPostBack(", "");
var Chref1 = Chref.replace(",'')", "");
var Chref2 = Chref1.replace("'", "");
var ChreFinal = Chref2.replace("'", "");
var btnCancel = document.getElementById(btnCancel, gv_Master);
btnCancel.addEventListener('click', function () { __doPostBack(ChreFinal, ''); }, true);
}
}
}
<pre>
var theForm = document.forms['form1'];
if (!theForm) {
theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
var theForm = document.forms['form1'];
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}