ValidateRequest=False HtmlEncode and The Best Method

Discussion in 'ASP .Net' started by \A_Michigan_User\, Sep 5, 2006.

  1. I guess I'm not understanding this correctly.

    I have to set "ValidateRequest=False" for my asp.net 1.1 page that has a
    TextBox... so that I can avoid an error... if some user enters
    some html or script coding into it. (Should I HtmlEncode it with
    Server.htmlEncode or HttpServerUtility.HtmlEncode ???)

    From what I've read... I guess I'm supposed to do it this way:
    1. HtmlEncode the user input that's in the TextBox.
    2. Save it to the database.
    then...
    3. Load it from the database.
    4. Decode it.
    5. Display it to the user.

    Isn't step #1 wasting extra database space? (Since encoding changes some
    single characters into 4 characters.)
    And step #2 is saving "safe text". (But it can't really harm anyone just
    sitting in the database... as unsafe-text.)
    And doesn't #4 convert the safe-text back into UNSAFE text? (Is that
    wise????)

    =======================

    Or would this method make more sense:
    A. Save the unsafe-text to the database... as-in.
    then...
    B. Load it from the database.
    C. Encode it. (Converting unsafe-text to safe-text)
    D. Display it to the user.

    Help!
     
    \A_Michigan_User\, Sep 5, 2006
    #1
    1. Advertising

  2. \A_Michigan_User\

    aamirghanchi

    Joined:
    Apr 1, 2010
    Messages:
    1
    since it has been 4 yearssince your post and I hope you have figured it out by now. Your solution will work, but it will show all those odd characters in the display i.e. > will be represented as > and so on.
     
    aamirghanchi, Apr 1, 2010
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin Colmenares

    ValidateRequest="false" error

    Martin Colmenares, Jun 27, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,043
    Martin Colmenares
    Jun 27, 2003
  2. Tim Zych
    Replies:
    2
    Views:
    25,694
    Tim Zych
    May 16, 2004
  3. Phil Winstanley [Microsoft MVP ASP.NET]

    Re: validateRequest="false" not working in web.config or page directive

    Phil Winstanley [Microsoft MVP ASP.NET], May 16, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    659
    Phil Winstanley [Microsoft MVP ASP.NET]
    May 16, 2004
  4. \A_Michigan_User\
    Replies:
    2
    Views:
    942
    \A_Michigan_User\
    Aug 21, 2006
  5. CindyH
    Replies:
    1
    Views:
    925
    Nanda Lella[MSFT]
    Feb 11, 2009
Loading...

Share This Page