help stopping people putting scripts into form fields

[mark r]

Hi there, im making a simple site where people can add comments into a
shoutbox. only ive had experience of people adding in html tags and
javascript to redirect people away from my site and display images etc
which im not interested in.

how do i stop this from happening? is there a way to intercept the
form contents and kick out the
code leaving plain text? or changing the code so it displays the real
code using < and > ?

many thanks
mark

 

[Bob Barrows [MVP]]

Hi there, im making a simple site where people can add comments into a
shoutbox. only ive had experience of people adding in html tags and
javascript to redirect people away from my site and display images etc
which im not interested in.

how do i stop this from happening? is there a way to intercept the
form contents and kick out the
code leaving plain text?

While difficult, it is do-able. Some regular expressions for finding html
tags in strings have posted in this group in the past. A google search
should reveal them.

or changing the code so it displays the real
code using < and > ?

Use Server.HTMLEncode in your Response.Writes

 

[mark r]

While difficult, it is do-able. Some regular expressions for finding html
tags in strings have posted in this group in the past. A google search
should reveal them.


Use Server.HTMLEncode in your Response.Writes

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

thanks for that... ive got it working now onto the next feature lol

mark