Organizational Research By

Surprising Reserch Topic

Experts Most Trusted Topic


in a text box in asp net how to allow it


in a text box in asp net how to allow it  using -'asp.net,html-encode'

I have a textfield which displays a string which contains < and >. The code throws an error because of that. How can I allow the usage of those chars in my textfield?

Thanks :)
    

asked Oct 11, 2015 by ankitarajoria4
0 votes
5 views



Related Hot Questions



Walkin Jobs Opening



Government Jobs Opening

And in code-behind:

this.ClientScript.RegisterOnSubmitStatement(this.GetType(), 
    "EscapeField", "EscapeField();")

Update: Again, warning - if you save HTML in your database like this, and then just display it to the client, you are directly vulnerable to XSS attacks. There are worms out there that will find and exploit your web site. Make sure you cleanse the HTML you are getting.

answered Oct 11, 2015 by loknath.ganji
0 votes

If you're in an asp.net page, you can wrap the whole of the output text in a Server.HtmlEncode("YourTextWithCharacters")

function and it will encode any dodgy characters for you.

If, for some reason, you're doing this in a .cs file, you can use System.Web.HttpUtility.HtmlEncode("YourTextWithCharacters")

before passing it to the presentation layer.

answered Oct 11, 2015 by sachin wagh
0 votes

Convert them to < and >. In Html, < is converted to < and > is converted to > without it thinking it's part of the markup. So the string will be <Blah>.

Edit: I forgot, to automatically convert them and escape all HTML characters (so this isn't an issue for other things), in Asp.net you can use Server.HtmlEncode(string) to automatically convert all characters that could cause issues to their HTML equivalent.

answered Oct 11, 2015 by ashish singh
0 votes
<

I don't know if your question is related to this or if you are getting a validateRequest issue

answered Oct 11, 2015 by 20shahi
0 votes

You can either use the TextBox.Text property which will HTML-encode whatever you enter


or you can enter the html names for < and >.

<

or you can enter the html codes

<

for the name and code conversions, check out this chart.

answered Oct 11, 2015 by kinnari
0 votes

your problem is,you cannot use html tags in .net controls. so set the ValidateRequest="false" in your aspx page and encode the text before you saving the text.

    //encode
    private string Encode(string text)
    {
        byte[] encodedText = System.Text.Encoding.UTF8.GetBytes(text);
        return System.Convert.ToBase64String(encodedText);
    }

when you retrieving your text make sure to decode the encoded text.

    // Decode:
    private string Decode(string encodedText)
    {
        byte[] decodedText = System.Convert.FromBase64String(encodedText);
        return System.Text.Encoding.UTF8.GetString(decodedText );
    }
answered Oct 11, 2015 by mca.agarwal

...