Strings Passed to Web Controls

In this lesson, we address the displayable text that is associated with Web Controls. To begin this process, make sure that html_scan is selected in the Scan dropdown and General Patterns is selected in the Results dropdown. Earlier on in the rules editing lesson, we added a custom rule to the General Patterns category. It was designed to detect calls to a custom control in the project code called AControl.

This control can be passed string values that are processed by the control and displayed in the web page in which it is embedded. These strings aren't shown in the Embedded Strings Scan Results because they're not defined between matching tags, as is the standard for HTML strings. So for Controls that are passed display-string values, Globalyzer users must create their own detection rules in the General Patterns category. The one we already created for this control was one such pattern:

SimpleAlias:AControl[^>]*"[^">]+"[^>]*>

The display strings passed into AControl can't be externalized in the normal fashion because we can't insert a code block inside a tag that is already processed on the server. Though it is used only once in our sample code, Controls are intended for re-use and the string values might be set differently from each .aspx page in which the control is embedded.

In our example we will replace each display-string argument passed into the control with the retrieval key for the .resx file. But first, we will refactor AControl.cs to accept the key instead of the actual display text from the pages and then use that key to retrieve the translated string from the resource.

1. Open AControl.cs in the Editor view by right-clicking on the AControl.cs file in Project Explorer and selecting Open or Open With. Or simply by double-clicking on the file in the Project Explorer.

   You will also need to open Resourcer.cs in the same fashion.

2. Inside the AControl constructor, uncomment the line of code that instantiates the ResourceManager member variable:
   

             mgr = new ResourceManager("simple.MyResources", Assembly.GetExecutingAssembly());
             

   Bear in mind that this code won't run until we place the MyResources.resx file in the web root directory for our web application, a step we will take once we've completed all of the string externalization. Save your changes to AControl.cs.

3. Make similar changes to Resourcer, which provides the string retrieval functionality for the .aspx pages. Inside the Resourcer constructor, uncomment the line of code that instantiates the ResourceManager member variable:

             manager = new ResourceManager("simple.MyResources", Assembly.GetExecutingAssembly());
             

   Save your changes to Resourcer.cs.

4. Now we are going to edit the properties for the strings that can be set from within the web page that the control is embedded. Return to AControl.cs and go to the set clause of the WelcomeMessage property (line 69, can use Ctrl-L) and alter it to use the value passed into it to retrieve the string from the resource and set it with the retrieved value instead of the passed-in value:

             set
             { 
               welcomeMessage = mgr.GetString(value); 
             }
             

5. Do the same for the set clause of the SubjectMessage property (line 84):

             set
             { 
               subjectMessage = mgr.GetString(value); 
             }
             

   Press Ctrl-S to save your work. Normally we would do this for all the exposed properties of the control, but for our sample program, we know only these properties are set from the .aspx pages.

6. Now return to the Scan Results view and double-click on the SimpleAlias:AControl row. You will be taken to the spot in simple.aspx where the control is embedded.

7. The entire control tag will be highlighted in the source file. Highlight only the first display message as follows:

   

   Be sure that you don't select the quotation marks around Search by Category.

8. Externalize the string by clicking on the Externalize Selected String button .

9. Because we only need to pass in the key to retrieve the string, delete the GetString call as well as the server-side tags and the opening and closing parentheses - leaving only the key itself between the quotation marks:

   

10. Save the file using Ctrl-S. Repeat the previous steps to externalize the second display string passed into the control.

11. Lastly, as we did in the previous lesson, we want to change the Status for the row so that it won't appear as Active after the next Scan. Right-click on the Scan Results issue for the selected row and select Ignore. Globalyzer will remember this setting if you scan again, as long as you don't alter the associated Rule Set or significantly modify the source file.

We've now handled the all embedded strings in the HTML code. In the next lesson we will scan and address the i18n issues in the C# source.