Link to home
Create AccountLog in
Avatar of lghaman123
lghaman123

asked on

Special Characters in Form Fields blocked by SecureIIS

Our server uses SecureIIS for security, and it has a function where it screens all POST variables from forms for special characters.  I have several content management forms on my site that need to be able to accept en-dash and em-dash characters but SecureIIS kicks out an error whenever it receives one of these because it thinks it's malicious.  Does anyone know if there is a configuration setting in SecureIIS anywhere where I can specify "safe" characters?
ASKER CERTIFIED SOLUTION
Avatar of Rurne
Rurne
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of lghaman123
lghaman123

ASKER

Thanks for your prompt response.  Not sure if my IT guys will let me do that but we'll see.

Thanks!
It's really pretty obnoxious.  It would be great if eEye would allow you to specify a particular character set and would provide proper escaping for, say, UTF-8.  However, there are several known exploits for Unicode, which is why Unicode gets blocked by default in SecureIIS.  Unfortunately, it's an either/or situation; if you want em and en dashes, you may be opening yourself to potential exploits.

HTH