Andrew Davis
asked on
ASP code filter
I am after suggestions for a good piece of code/script/plugin for checking/cleaning text that a user can enter, to ensure there is no injection or potentially unwanted entry.
I have an ASP site that users can log into and update their profile information. I would like them to be able to enter some HTML formatting rather than straight text only; however, I need to ensure that they can't be malicious and inject anything.
One solution I had was to give them a standard format, e.g. Leadtext, Bullet point 1, Bullet point 2, Bullet point 3, Bullet point 4, EndText. However, this is little better than what I have now.
Any suggestions, guys?
Points will be split amongst all that offer good advice.
Please bear in mind that I am by no means an experienced programmer.
Cheers
Andrew
ASKER
Thanks for that, dxz2. It looks like they have some interesting tools; however, I had a look at the tool and it appears to me that it can strip the HTML tags altogether. However, I want the users to be able to use HTML, but I need it checked to ensure there are no nasties in it, e.g. database injection.
cheers
thanks
http://www.chilkatsoft.com/refdoc/xCkStringRef.html
and example page
http://www.example-code.com/asp/aspstring.asp
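For the requirement in the question (let users enter some HTML formatting while keeping out script and database injection), here is one allow-list approach in classic ASP. It is an added example, not part of the original thread or of any tool linked above; the `Profiles` table, its columns and the function names are assumptions.

```vbscript
<%
' Added example. Output side: HTML-encode everything first, then restore only
' a fixed set of attribute-free tags. Script tags, images, event handlers and
' any tag carrying attributes stay encoded and render as harmless text.
Function SafeProfileHtml(ByVal raw)
    Dim allowed, tag, html
    allowed = Array("b", "i", "u", "em", "strong", "p", "ul", "ol", "li")
    html = Server.HTMLEncode(raw & "")
    For Each tag In allowed
        ' Only the exact forms <tag> and </tag> are restored (any letter case).
        html = Replace(html, "&lt;" & tag & "&gt;", "<" & tag & ">", 1, -1, vbTextCompare)
        html = Replace(html, "&lt;/" & tag & "&gt;", "</" & tag & ">", 1, -1, vbTextCompare)
    Next
    html = Replace(html, "&lt;br&gt;", "<br>", 1, -1, vbTextCompare)
    ' Unbalanced tags can still upset page layout; they cannot run script.
    SafeProfileHtml = html
End Function

' Database side: pass the text as a parameter, never build SQL by concatenation.
' Assumptions: conn is an open ADODB.Connection; Profiles, ProfileText and
' UserId are hypothetical names.
Sub SaveProfile(conn, ByVal userId, ByVal profileText)
    Const adCmdText = 1, adInteger = 3, adLongVarWChar = 203
    Const adParamInput = 1, adExecuteNoRecords = 128
    Dim cmd, txt
    txt = profileText & ""
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE Profiles SET ProfileText = ? WHERE UserId = ?"
    cmd.Parameters.Append cmd.CreateParameter("@text", adLongVarWChar, adParamInput, Len(txt) + 1, txt)
    cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(userId))
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Constructed sample input: the bold tag survives, the script tag is shown as text.
Dim sample
sample = "<b>Hello</b><script>alert(1)</script><p onclick=""x()"">hi</p>"
Response.Write SafeProfileHtml(sample)
%>
```

Store the text exactly as the user typed it and call `SafeProfileHtml` each time it is written to a page, so the allow-list can be tightened later without touching stored data.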