Using a DateFormatString in an ASP.NET 2.0 GridView

I ran into this issue preparing for the Visual Studio 2005 launch last week, so I thought I'd share the solution...if you're trying to reformat a date column in a databound ASP.NET 2.0 GridView control, you may have discovered that just setting the DateFormatString of the column to the desired value (such as "{0:d}") doesn't have any effect. That's because the GridView applies HTML encoding by default, which prevents the formatting from being applied.

To make this work, all you need to do is open up the GridView Tasks shortcut window (click on the little > symbol at the top right of the control) and click the Edit Columns link. Then select the desired column in the Selected fields box, and set its HtmlEncode property to False.

Keep in mind, of course, that any time you're pulling data from a database, particularly if that data originated from untrusted sources (such as user input), it's a good idea to use HTML encoding to mitigate the risk of cross-site scripting attacks. So if you turn off encoding for a given column, it's up to you to ensure the safety of that data for display.