Strings Passed to Web Controls
In this lesson, we address the displayable text that is associated
with Web Controls. To begin this process, make sure that html_scan
is selected in the Scan dropdown and General Patterns
is selected in the Results dropdown. Earlier on in the rules
editing lesson, we added a custom rule to the General
Patterns category. It was designed to detect calls to a custom
control in the project code called
AControl .
This control can be passed string values that are processed by the
control and displayed in the web page in which it is embedded.
These strings aren't shown in the Embedded Strings Scan
Results because they're not defined between matching tags,
as is the standard for HTML strings. So for Controls that are
passed display-string values, Globalyzer users must create their own detection rules in
the General Patterns category. The one we already
created for this control was one such pattern:
SimpleAlias:AControl[^>]*"[^">]+"[^>]*>
The display strings passed into
AControl
can't be externalized in the normal fashion because we can't insert
a code block inside a tag that is already processed on the server.
Though it is used only once in our sample code, Controls are
intended for re-use and the string values might be set differently
from each .aspx page in which the control is embedded.
In our example we will replace each display-string argument passed
into the control with the retrieval key for the .resx file. But
first, we will refactor AControl.cs to accept the key
instead of the actual display text from the pages and then use that
key to retrieve the translated string from the resource.
Open AControl.cs in the Editor view by
right-clicking on the AControl.cs file in Project Explorer and
selecting Open or Open With. Or simply by double-clicking on the file in
the Project Explorer.
You will also need to open Resourcer.cs in the same
fashion.
-
Inside the
AControl
constructor, uncomment the line of code that instantiates the
ResourceManager
member variable:
mgr = new ResourceManager("simple.MyResources", Assembly.GetExecutingAssembly());
Bear in mind that this code won't run until we place the MyResources.resx
file in the web root directory for our web application, a step we
will take once we've completed all of the string externalization.
Save your changes to AControl.cs.
Make similar changes to
Resourcer ,
which provides the string retrieval functionality for the .aspx
pages. Inside the
Resourcer
constructor, uncomment the line of code that instantiates the
ResourceManager
member variable:
manager = new ResourceManager("simple.MyResources", Assembly.GetExecutingAssembly());
Save your changes to Resourcer.cs.
Now we are going to edit the properties for the strings that can
be set from within the web page that the control is embedded.
Return to AControl.cs and go to the set clause of the
WelcomeMessage
property (line 69, can use Ctrl-L) and alter it to use the
value passed into it to retrieve the string from the resource and
set it with the retrieved value instead of the passed-in value:
set
{
welcomeMessage = mgr.GetString(value);
}
-
Do the same for the set clause of the
SubjectMessage
property (line 84):
set
{
subjectMessage = mgr.GetString(value);
}
Press Ctrl-S to save your work. Normally we would do this
for all the exposed properties of the control, but for our sample
program, we know only these properties are set from the .aspx
pages.
-
Now return to the Scan Results view and double-click on
the SimpleAlias:AControl row. You will be taken to the
spot in
simple.aspx
where the control is embedded.
-
The entire control tag will be highlighted in the source
file. Highlight only the first display message as follows:
Be sure that you don't select the quotation marks around
Search by Category.
-
Externalize the string by clicking on the Externalize Selected
String button .
-
Because we only need to pass in the key to retrieve the string,
delete the
GetString
call as well as the server-side tags and the opening and closing
parentheses - leaving only the key itself between the quotation
marks:
-
Save the file using Ctrl-S. Repeat the previous steps to externalize the second display
string passed into the control.
-
Lastly, as we did in the previous lesson, we want to change the Status for the row so that it won't
appear as Active after the next Scan.
Right-click on the Scan Results issue for the selected row and
select Ignore. Globalyzer will remember this setting if you
scan again, as long as you don't alter the associated Rule Set or
significantly modify the source file.
We've now handled the all embedded strings in the HTML code.
In the next lesson we will scan and address the i18n issues in the
C# source.
|