Occurs when the Cancel button is clicked for an item in the System.Web.UI.WebControls.DataList control.
A typical handler for the DataList.CancelCommand event sets the DataList.EditItemIndex property to -1 (to deselect the item) and then rebinds the data to the System.Web.UI.WebControls.DataList control.
Text is not HTML encoded before it is displayed in the System.Web.UI.WebControls.DataList control. This makes it possible to embed script within HTML tags in the text. If the values for the control come from user input, be sure to validate the values to reduce security vulnerabilities.
For more information about handling events, see How to: Consume Events in a Web Forms Application.
This control can be used to display user input, which might include malicious client script. Check any information that is sent from a client for executable script, SQL statements, or other code before displaying it in your application. You can use validation controls to verify user input before displaying the input text in a control. ASP.NET provides an input request validation feature to block script and HTML in user input. For more information, see Securing Standard Controls, How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings, and Introduction to Validating User Input in ASP.NET Web Pages.