lghaman123
asked on
Special Characters in Form Fields blocked by SecureIIS
Our server uses SecureIIS for security, and it has a function where it screens all POST variables from forms for special characters. I have several content management forms on my site that need to be able to accept en-dash and em-dash characters but SecureIIS kicks out an error whenever it receives one of these because it thinks it's malicious. Does anyone know if there is a configuration setting in SecureIIS anywhere where I can specify "safe" characters?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
It's really pretty obnoxious. It would be great if eEye would allow you to specify a particular character set and would provide proper escaping for, say, UTF-8. However, there are several known exploits for Unicode, which is why Unicode gets blocked by default in SecureIIS. Unfortunately, it's an either/or situation; if you want em and en dashes, you may be opening yourself to potential exploits.
HTH
HTH
ASKER
Thanks!