From: S N on 11 Apr 2008 08:13

You have guessed it very correctly that I am entering html code into the
database (like table tags <td> <tr> in particular) with the idea that this
takes effect when it is pulled back to a web page, and hence I don't want to
server.htmlencode it.

Can you suggest a server side validation script which does as indicated
below by you? Else can you suggest an alternate method of achieving the
above (ensuring the table tags get translated into tables on the client
side)?

Please help.

> As Anthony said, if you are entering html code into the database with the
> idea that this takes effect when you pull it back to a web page, you do not
> want to server.htmlencode it. Since you are using a Rich Text Editor, I am
> assuming that this will apply html tags to the text on entry, and you want
> them to act on the output.
>
> What you really want to do is to make sure no javascript or clientside
> vbscript gets injected. One way to do this is just to reject any input that
> contains the string "<script>" in it during your server-side validation.
>
> --
> Mike Brind
> Microsoft MVP - ASP/ASP.NET

From: Mike Brind [MVP] on 11 Apr 2008 16:10
"S N" <uandme72(a)yahoo.com> wrote in message
news:OI%23$718mIHA.2304(a)TK2MSFTNGP05.phx.gbl...
>> As Anthony said, if you are entering html code into the database with the
>> idea that this takes effect when you pull it back to a web page, you do
>> not want to server.htmlencode it. Since you are using a Rich Text Editor,
>> I am assuming that this will apply html tags to the text on entry, and you
>> want them to act on the output.
>>
>> What you really want to do is to make sure no javascript or clientside
>> vbscript gets injected. One way to do this is just to reject any input
>> that contains the string "<script>" in it during your server-side
>> validation.
>>
>> --
>> Mike Brind
>> Microsoft MVP - ASP/ASP.NET
>
> You have guessed it very correctly that I am entering html code into the
> database (like table tags <td> <tr> in particular) with the idea that this
> takes effect when it is pulled back to a web page, and hence I don't want
> to server.htmlencode it.
>
> Can you suggest a server side validation script which does as indicated
> below by you? Else can you suggest an alternate method of achieving the
> above (ensuring the table tags get translated into tables on the client
> side)?

    'input is the posted content from the Rich Text Editor
    If InStr(input, "<script>") > 0 Then
        'reject it
    Else
        'process it
    End If

--
Mike Brind
Microsoft MVP - ASP/ASP.NET
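
An added example, not part of the thread and not written by either poster: a stricter server-side check for the same Rich Text Editor input, which accepts only allowlisted elements and attributes so that table markup passes while script elements in any letter case, event-handler attributes and malformed tags are rejected. The function name `IsSafeRichText` and both allowlists are assumptions made for illustration.

```vbscript
' Added example; function and constant names are hypothetical.
' Assumed lists of what a table-producing rich text editor may emit.
Const ALLOWED_TAGS = "|p|br|b|i|u|strong|em|ul|ol|li|table|thead|tbody|tr|th|td|"
Const ALLOWED_ATTRS = "|align|valign|colspan|rowspan|width|border|cellpadding|cellspacing|"

Function IsSafeRichText(html)
    Dim reTag, reAttr, tag, attr
    IsSafeRichText = False

    ' One complete tag: "<", optional "/", name, attributes, optional "/", ">".
    Set reTag = New RegExp
    reTag.Global = True
    reTag.IgnoreCase = True
    reTag.Pattern = "<(/?)([a-z][a-z0-9]*)((?:\s+[a-z][a-z0-9-]*(?:\s*=\s*(?:""[^""<>]*""|'[^'<>]*'|[^\s""'<>=]+))?)*)\s*/?>"

    ' One attribute (name plus optional value) inside the captured attribute section.
    Set reAttr = New RegExp
    reAttr.Global = True
    reAttr.IgnoreCase = True
    reAttr.Pattern = "\s+([a-z][a-z0-9-]*)(?:\s*=\s*(?:""[^""]*""|'[^']*'|[^\s""'=]+))?"

    For Each tag In reTag.Execute(html)
        ' Reject any element that is not on the allowlist.
        If InStr(ALLOWED_TAGS, "|" & LCase(tag.SubMatches(1)) & "|") = 0 Then Exit Function
        ' Reject any attribute that is not on the allowlist.
        For Each attr In reAttr.Execute(tag.SubMatches(2))
            If InStr(ALLOWED_ATTRS, "|" & LCase(attr.SubMatches(0)) & "|") = 0 Then Exit Function
        Next
    Next

    ' Any "<" left after removing the accepted tags belongs to malformed
    ' or unterminated markup, so reject that as well.
    If InStr(reTag.Replace(html, ""), "<") > 0 Then Exit Function

    IsSafeRichText = True
End Function

' Constructed samples: allowlisted table markup, an event-handler attribute,
' an upper-case script element with an attribute, and an unterminated tag.
Response.Write IsSafeRichText("<table border=""1""><tr><td>cell</td></tr></table>") & "<br>"
Response.Write IsSafeRichText("<td onclick=""doSomething()"">cell</td>") & "<br>"
Response.Write IsSafeRichText("<SCRIPT src=""file.js""></SCRIPT>") & "<br>"
Response.Write IsSafeRichText("<td>cell</td><b") & "<br>"
```

Attributes that carry URLs or CSS (`href`, `src`, `style`) are left off the allowlist on purpose; allowing them would also require checking their values.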