Quote:
table.AppendLine("<td contenteditable=""true"" onfocusout=""SaveVal({0},{1})"">{1}</td>", item.id, item.cellvalue)
You haven't quoted the values you're passing to your function. Unless both id and cellvalue are numbers, you will either get a syntax error, or they will be treated as references to undeclared variables.
You will also need to encode the values properly to avoid persisted cross-site scripting vulnerabilities and other errors. For ASP.NET (WebForms), use a combination of System.Web.HttpUtility.HtmlAttributeEncode and System.Web.HttpUtility.JavaScriptStringEncode for the attribute, since you need to encode for both contexts, and System.Web.HttpUtility.HtmlEncode for the cell value.
' JavaScriptStringEncode(..., true) adds the surrounding double quotes;
' HtmlAttributeEncode then makes that literal safe inside the attribute.
table.AppendLine("<td contenteditable=""true"" onfocusout=""SaveVal({0},{1})"">{2}</td>",
    HttpUtility.HtmlAttributeEncode(HttpUtility.JavaScriptStringEncode(item.id, true)),
    HttpUtility.HtmlAttributeEncode(HttpUtility.JavaScriptStringEncode(item.cellvalue, true)),
    HttpUtility.HtmlEncode(item.cellvalue))
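
The two patterns above side by side for a few constructed cell values, as an added example that is not part of the original answer. The module and function names are hypothetical, ids are assumed to be strings, and String.Format stands in for the page's table object.

```vb
Imports System
Imports System.Web

Module CellEncodingDemo
    ' Pattern from the question: values pasted straight into the markup.
    Function BuildCellRaw(id As String, cellValue As String) As String
        Return String.Format(
            "<td contenteditable=""true"" onfocusout=""SaveVal({0},{1})"">{1}</td>",
            id, cellValue)
    End Function

    ' Inner layer: quoted JavaScript string literal. Outer layer: HTML attribute.
    Function JsArgForAttribute(value As String) As String
        Return HttpUtility.HtmlAttributeEncode(
            HttpUtility.JavaScriptStringEncode(value, True))
    End Function

    ' Pattern from the answer: attribute arguments and cell text encoded separately.
    Function BuildCellEncoded(id As String, cellValue As String) As String
        Return String.Format(
            "<td contenteditable=""true"" onfocusout=""SaveVal({0},{1})"">{2}</td>",
            JsArgForAttribute(id), JsArgForAttribute(cellValue),
            HttpUtility.HtmlEncode(cellValue))
    End Function

    Sub Main()
        ' Constructed sample values: plain text, quotes, and markup characters.
        Dim samples As String() = {"Widget", "O'Brien ""Jr""", "5 < 6 & 7", "</td><b>x</b>"}
        For i As Integer = 0 To samples.Length - 1
            Dim id As String = "row" & (i + 1).ToString()
            Console.WriteLine("value:   " & samples(i))
            Console.WriteLine("raw:     " & BuildCellRaw(id, samples(i)))
            Console.WriteLine("encoded: " & BuildCellEncoded(id, samples(i)))
            ' The browser HTML-decodes the attribute before running it as script,
            ' so decoding here shows the call the JavaScript engine receives.
            Dim attr As String = String.Format("SaveVal({0},{1})",
                JsArgForAttribute(id), JsArgForAttribute(samples(i)))
            Console.WriteLine("script:  " & HttpUtility.HtmlDecode(attr))
            Console.WriteLine()
        Next
    End Sub
End Module
```

Comparing the "raw" and "encoded" lines for the values containing quotes or angle brackets shows where the unencoded markup ends the attribute or the cell early, and the "script" line shows that the encoded form still delivers the original value to SaveVal as a string.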