Solved

ASP code filter

Posted on 2008-06-15
5
295 Views
Last Modified: 2008-08-22
i am after suggestions for a good piece of code/script/plugin for checking/cleaning text that a user can enter, to ensure there is no injection, or potentially unwanted entry.

i have an asp site that users can log into and update there profile information, i would like for them to be able to enter some html formatting rather than straight text only, however i need to ensure that they cant be malicious and inject anything.t
one solution i had was to give them a standard format, eg Leadtext, Bullet point 1, Bullet point 2, Bullet point 3, Bullet point 4, EndText. However his is little better than what i have now.

Any suggestions guys.
Points will be split amoungst all that offer good advise,
Please bear in mind that i am by no means an experianced programer.

Cheers
Andrew
0
Comment
Question by:Andrew Davis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 6

Expert Comment

by:dxz2
ID: 21791105
This is a free plugin that can be easily installed and has a lot of useful functions to work with string
http://www.chilkatsoft.com/refdoc/xCkStringRef.html

and example page

http://www.example-code.com/asp/aspstring.asp
0
 
LVL 18

Author Comment

by:Andrew Davis
ID: 21791452
Thanks for that dxz2 it looks like they have some interesting tools, however i had a look at the tool it appears to me that it can strip the HTML tags altogether, however i want the users to be able to use html but i need it checked to ensure there are no nasties in it, eg database injection

cheers
0
 
LVL 6

Accepted Solution

by:
dxz2 earned 350 total points
ID: 21791502
check this url explaining how you can protect yourself from sql injections http://www.4guysfromrolla.com/webtech/061902-1.shtml.
0
 
LVL 15

Assisted Solution

by:dosth
dosth earned 150 total points
ID: 21791523
http://www.ariel.web.id/blog/2007/03/15/checking-refferer-prevent-html-form-hijacking/

also before saving the user input to database, check for any <script></script> tag, usally injections done with this tag. use instr function to check any <script> tags is there and tell the user to remove the tags

http://www.w3schools.com/Vbscript/func_instr.asp
0
 
LVL 15

Expert Comment

by:dosth
ID: 22287623
thanks
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Multiflying 2 Input Text On a Table 7 35
VBScript on Html 15 64
JQuery Autocomplete Tag AJAX (Need nice script) 11 73
Hide and Unhide Table 6 42
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question