Checking for html tags in a text box.

Guest

I'm using a custom control to try to validate a text box to ensure that on the client side a validation expression is present to prevent the user from posting back HTML in their text box. I was only partially successful with some of the regular expressions I came up with. There are a few constraints. There can be no roundtrip to the server. The server process halts and reports possible dangerous HTML. I've thought about using JavaScript to combat the problem.
Any suggestions???
 
George Durzi

v1.1 handles this automatically by default. You can turn it off by setting
the RequestValidate page directive to False

Rakesh said:
I'm using a custom control to try to validate a text box to ensure that on
the client side a validation expression is present to prevent the user from
posting back HTML in their text box. I was only partially successful with
some of the regular expressions I came up with. There are a few constraints.
There can be no roundtrip to the server. The server process halts and reports
possible dangerous HTML. I've thought about using JavaScript to combat the
problem.
 
Peter Blum

Here's some JavaScript that I use to remove HTML tags:

// Created fresh for each check: with the "g" flag, test() keeps state in lastIndex.
var vRx = new RegExp("<(.|\n)+?>", "ig");
if (vRx.test("[your text]")) {
    // found means it's an error
} else {
    // it's OK
}

Embed this into a custom validator's client-side function.

--- Peter Blum
www.PeterBlum.com
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx
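
An added example (not code from the post above): the same pattern wrapped in an ASP.NET CustomValidator client-side function, which receives `(source, args)`, reads `args.Value` and sets `args.IsValid`. The function names and sample inputs are constructed for illustration; the block also shows a false positive on ordinary comparison text and the `lastIndex` pitfall of reusing one regex that carries the "g" flag.

```javascript
// Pattern taken from the post above; everything else here is illustrative.
const TAG_PATTERN = "<(.|\\n)+?>";

// Build a non-global regex on every call so test() carries no lastIndex state.
function containsHtmlTag(text) {
  return new RegExp(TAG_PATTERN, "i").test(String(text));
}

// Shape expected by CustomValidator's ClientValidationFunction:
// args.Value is the text box content, args.IsValid is the verdict.
function validateNoHtml(source, args) {
  args.IsValid = !containsHtmlTag(args.Value);
}

// Pitfall: one shared regex with the "g" flag resumes from lastIndex,
// so the same input can alternate between "found" and "not found".
function sharedRegexResults(text, calls) {
  const shared = new RegExp(TAG_PATTERN, "ig");
  const results = [];
  for (let i = 0; i < calls; i++) {
    results.push(shared.test(text));
  }
  return results;
}

// Constructed sample inputs, run through the validator function.
function runSamples() {
  const samples = [
    "plain text",                      // accepted
    "<b>bold",                         // rejected: contains a tag
    "line one <a\nhref='x'>link</a>",  // rejected: tag spans a line break
    "1 < 2 and 3 > 2",                 // rejected: false positive, no tag present
  ];
  return samples.map(function (value) {
    const args = { Value: value, IsValid: true };
    validateNoHtml(null, args);
    return args.IsValid;
  });
}

console.log(runSamples());
console.log(sharedRegexResults("<b>bold", 3));
```

This check only gives the user early feedback in the browser; the server-side request validation mentioned elsewhere in the thread still has to run on every post.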

Saravana [MVP]

Check out this FAQ:
http://www.extremeexperts.com/Net/FAQ/PreventingScriptAttacks.aspx

--
Saravana
Microsoft MVP - ASP.NET
www.extremeexperts.com

Eric Lawrence [MSFT]

Yes, you definitely want to do this check on the server, not the client.
There are quite a few tools which will bypass all client validation.

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.