Welcome.
I have a common problem with the datagrid: when the data source contains
html tags (<script>doent.location.href='www.badsite.com' </script> for
example) the page with the datagrid becomes unsafe. I have found two
possible solutions in the net:
- using template columns and HTMLEncode
- using ItemCreated event of the datagrid
Both method works but the grid grows drasticly. And when I have
dynamicly created SQL query, used with AutoGenerateColumns property the
above methods do not apply.

I think the better solution is extending the datagrid in such way, that
the ServerHTML encode will be called on every bound column (without touching
hyperlink , template, etc columns). The problem is that I have to little
experience in writting controls to manage that. I don't know which methods
should be ovverriden and how. I think, something like "CreateItem" or
"InitializeItem" - but I'm totally mixed.
Could you point me in the right direction? (absolutly don't want the
ready code, I just need some ideas)

Regards