?
Solved

retaining html input in textbox...

Posted on 2004-08-07
3
Medium Priority
?
383 Views
Last Modified: 2012-06-27
using a textarea in a form to capture user text entry that includes html code... when storing the text, the greater-than and less-than symbols are being replaced with their & equivalent codes. i tried server.htmlencode and htmldecode and not fixing it.

any ideas?
0
Comment
Question by:loyaliser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
AerosSaga earned 1000 total points
ID: 11744365
This is because the embeded html code could countain a malicious script to attempt to compromise your system.  ASP.NET recognizes this, the only way to leave the html intact is to disable validation for the whole page in the page directive.

Regards,

Aeros
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11744368
If you still want to turn off validation to retain the html see here for example:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconpage.asp

Regards,

Aeros
0
 
LVL 37

Expert Comment

by:gregoryyoung
ID: 11744510
here's a good article describing your options http://asp.net/faq/RequestValidation.aspx ...

this is exactly what you want to do ...

<%@ Page ValidateRequest="FALSE" language="C#" %>

<script runat="server">

void EnterBtn_Click(Object Src, EventArgs E) {
Message.Text = "Hi " + HttpUtility.HtmlEncode(Name.Text) + ", welcome to ASP.NET!";
}

</script>
<html>
<body>
<form runat=server>
Please enter your name: <asp:textbox id="Name" runat=server/>
<asp:button text="Enter" Onclick="EnterBtn_Click" runat=server/><br>
<asp:label id="Message" runat=server/>
</form>
</body>
</html>
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question