raheelasadkhan
asked on
window.open & RegisterClientScriptBlock
Hi,
I have an ASP .NET (1.1) page in C# with a Text Box and a button. The user enters some HTML code into the text box and presses the button for a preview. The server side code saves the entered HTML to an *.htm file and uses RegisterClientScriptBlock to have the client browser open the preview file in a new window.
private void btnPreview_Click(object sender, System.EventArgs e)
{
string html = "";
string filename = "";
System.IO.StreamWriter streamWriter = null;
html = this.txtScript.Text; // This is the text box in which the user entered some HTML code
try
{
filename = this.Server.MapPath("Scrip tPreview.h tm");
streamWriter = System.IO.File.CreateText( filename);
streamWriter.Write(html);
streamWriter.Close();
this.RegisterClientScriptB lock("Prev iew", "<SCRIPT LANGUAGE=\"javascript\">wi ndow.open( \"Preview. htm\");</S CRIPT>");
}
catch
{
}
}
I know the code works because when viewing the HTML source of the resulting page, the newly inserted script is visible but has no effect and no window is opened.
Any ideas?
Thanks,
Khan
I have an ASP .NET (1.1) page in C# with a Text Box and a button. The user enters some HTML code into the text box and presses the button for a preview. The server side code saves the entered HTML to an *.htm file and uses RegisterClientScriptBlock to have the client browser open the preview file in a new window.
private void btnPreview_Click(object sender, System.EventArgs e)
{
string html = "";
string filename = "";
System.IO.StreamWriter streamWriter = null;
html = this.txtScript.Text; // This is the text box in which the user entered some HTML code
try
{
filename = this.Server.MapPath("Scrip
streamWriter = System.IO.File.CreateText(
streamWriter.Write(html);
streamWriter.Close();
this.RegisterClientScriptB
}
catch
{
}
}
I know the code works because when viewing the HTML source of the resulting page, the newly inserted script is visible but has no effect and no window is opened.
Any ideas?
Thanks,
Khan
Hi,
The above code opens the .htm page for me.
Do u want to open the dialog box or new page?
--pradeep
The above code opens the .htm page for me.
Do u want to open the dialog box or new page?
--pradeep
The path to Preview.htm might be incorrect
An additional note:
For security reasons I would suggest you to use a literal control in a default not-editable page to fill the created html page in. A lot safer (+ more controlable).
An additional note:
For security reasons I would suggest you to use a literal control in a default not-editable page to fill the created html page in. A lot safer (+ more controlable).
ASKER
pradeepsudharsan:
Hmmm... I tried it on two different machines and did not work on either. I had considered a Dialog but that wouldn't work with netscape right. I need this to be compatible with at least IE and Netscape and preferably FireFox as well.
existenz2:
I verified the path to Preview.htm by viewing the source of the generated page and copy-pasting the url in the browser.
Regarding the literal control, I'm not sure what you mean. Please explain.
Hmmm... I tried it on two different machines and did not work on either. I had considered a Dialog but that wouldn't work with netscape right. I need this to be compatible with at least IE and Netscape and preferably FireFox as well.
existenz2:
I verified the path to Preview.htm by viewing the source of the generated page and copy-pasting the url in the browser.
Regarding the literal control, I'm not sure what you mean. Please explain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I tried the literal control and am able to display the preview on the same page. This is nice but I have one question. Since you have already solved my primary problem, it's fair to post the new question as a new post. I'm accepting this answer and opening a new question. If you're interested, please check out (https://www.experts-exchange.com/questions/21887812/Literal-control-malicious-scripts.html).
ASKER
this.RegisterClientScriptB
with
this.RegisterClientScriptB
And this works fine!!!
What am I doing wrong with the original statement.