help stopping people putting scripts into form fields

Discussion in 'ASP General' started by mark r, Jun 3, 2007.

  1. mark r

    mark r Guest

    Hi there, I'm making a simple site where people can add comments into a
    shoutbox. Only I've had experience of people adding in HTML tags and
    JavaScript to redirect people away from my site and display images etc.,
    which I'm not interested in.

    How do I stop this from happening? Is there a way to intercept the
    form contents and kick out the
    code leaving plain text? Or changing the code so it displays the real
    code using < and > ?

    many thanks
    mark
    mark r, Jun 3, 2007
    #1

  2. mark r wrote:
    > Hi there, I'm making a simple site where people can add comments into a
    > shoutbox. Only I've had experience of people adding in HTML tags and
    > JavaScript to redirect people away from my site and display images etc.,
    > which I'm not interested in.
    >
    > How do I stop this from happening? Is there a way to intercept the
    > form contents and kick out the
    > code leaving plain text?


    While difficult, it is do-able. Some regular expressions for finding HTML
    tags in strings have been posted in this group in the past. A Google search
    should reveal them.

    > or changing the code so it displays the real
    > code using < and > ?
    >

    Use Server.HTMLEncode in your Response.Writes

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows [MVP], Jun 3, 2007
    #2
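
The second suggestion above (encode on output with Server.HTMLEncode), written out as a classic ASP page. This is an added example, not code posted in the thread; the sample comments are constructed, and `SafeText` and `MAX_LEN` are hypothetical names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Constructed sample comments standing in for rows read from the shoutbox
' store. They are kept exactly as submitted; encoding happens at output time.
Dim comments(2)
comments(0) = "hello everyone"
comments(1) = "<script>location.href='http://example.invalid/'</script>"
comments(2) = "<img src=""http://example.invalid/banner.gif""> 5 < 6 & 7 > 2"

Const MAX_LEN = 200   ' hypothetical limit for one shoutbox entry

' Hypothetical helper: returns text that is safe to place in HTML element
' content or inside a double-quoted attribute value.
Function SafeText(raw)
    Dim s
    s = Trim(raw & "")               ' & "" turns Null/Empty into a string
    ' Truncate before encoding so an entity such as &lt; is never cut in half.
    If Len(s) > MAX_LEN Then s = Left(s, MAX_LEN)
    SafeText = Server.HTMLEncode(s)  ' < > & " become &lt; &gt; &amp; &quot;
End Function
%>
<html>
<body>
<ul>
<%
Dim i
For i = 0 To UBound(comments)
    ' Before: Response.Write "<li>" & comments(i) & "</li>"
    ' would send the stored markup to every visitor's browser as live HTML.
    Response.Write "<li>" & SafeText(comments(i)) & "</li>" & vbCrLf
Next
%>
</ul>
</body>
</html>
```

Encoding at the point of output leaves the stored comment untouched and shows the visitor exactly what was typed, so legitimate text such as `5 < 6` survives, which tag-stripping regular expressions tend to mangle.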

  3. mark r

    mark r Guest

    On Jun 3, 2:04 pm, "Bob Barrows [MVP]" <>
    wrote:
    > mark r wrote:
    > > Hi there, I'm making a simple site where people can add comments into a
    > > shoutbox. Only I've had experience of people adding in HTML tags and
    > > JavaScript to redirect people away from my site and display images etc.,
    > > which I'm not interested in.
    >
    > > How do I stop this from happening? Is there a way to intercept the
    > > form contents and kick out the
    > > code leaving plain text?
    >
    > While difficult, it is do-able. Some regular expressions for finding HTML
    > tags in strings have been posted in this group in the past. A Google search
    > should reveal them.
    >
    > > or changing the code so it displays the real
    > > code using &lt; and &gt; ?

    >
    > Use Server.HTMLEncode in your Response.Writes
    >
    > --
    > Microsoft MVP - ASP/ASP.NET
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"


    Thanks for that... I've got it working :) Now onto the next feature lol

    mark
    mark r, Jun 3, 2007
    #3