Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1172
  • Last Modified:

ASP.Net Application - Handling XML Special Characters

Hi,

I have an Asp.Net application that allows the user to insert in to an XML document. Before the insertion is made, I must first ensure that the 'primary key' is unique. To do this, I have a asp:CustomValidator that calls a function called ValidateUniqueCategory. (See attached code)

In this code, I get the value of the relevant textbox (sender.ControlToValidate).

This works well if there are no special characters present, however if the user enters special charaters (', ", <, >, &) in to SenderControl.Text it fails. How can I handle this?

Possibilities:

Using a CDATA section? Please explain if this will work

Declaring GalleryXPath as something other than String? There are many other types that sound useful but I haven't been able to get them to work. Types such as: XmlText, XmlCDataSection etc.

Thank you in advance
Ben
Protected Sub ValidateUniqueCategory(ByVal sender As Object, ByVal Args As ServerValidateEventArgs)

Dim GalleryXml As New XmlDocument()
Dim GalleryXmlDirectory As String = "/Flash/Gallery/"
Dim GalleryXmlFilename As String = "Gallery.xml"
Dim GalleryXmlPath As String = Server.MapPath(GalleryXmlDirectory + GalleryXmlFilename)

        GalleryXml.Load(GalleryXmlPath)

        Dim Gallery As XmlNode = GalleryXml.DocumentElement
        Dim GalleryXPath As String = ""
        Dim SenderControl As TextBox

        SenderControl = CType(Master.FindControl("MasterMainContent").FindControl(sender.ControlToValidate), TextBox)

        If Not SenderControl Is Nothing Then
            GalleryXPath = "/Gallery/Category[@Name='" & SenderControl.Text & "']"
        End If

        Dim GalleryNode As XmlNode = Gallery.SelectSingleNode(GalleryXPath)

        If Not GalleryNode Is Nothing Then
            Args.IsValid = False
            Exit Sub
        End If

    End Sub

Open in new window

0
Beircheart
Asked:
Beircheart
  • 2
1 Solution
 
BeircheartAuthor Commented:
Hi wdfdo,

While I appreciate your reply, I must be honest that I find it very frustrating to be just handed links that a very quick Google will return... I've obviously tried that already as there is no way I'm going to put the time in to posting a fairly thorough question and then wait for a response as opposed to googling the key words of this question...

Anyway, I'd come across those links before and neither of them were any good to me. I think the reason they were not helpful is because I'm trying to Escape the special characters of an XML attribute. Going by a few different forums I've read, I believe (But am open to correction) that special characters are not allowed in an attribute. Therefore, I've decided to use an <asp:RegularExpressionValidator> to disallow any special characters. This is a perfectly good solution for my needs. Here it is in case anyone can use it:

<asp:RegularExpressionValidator ID="CategoryTitleTxtRegExValidator" ControlToValidate="CategoryTitleTxt"
                ValidationGroup="AddCategoryGroup" ForeColor="Red" ValidationExpression="^[0-9a-zA-Z ]+$"
                ErrorMessage="Alpha-Numeric Value Required" Display="Dynamic" runat="server" />

WAIT!! HERE'S ANOTHER POSSIBLE SOLUTION:

(That's for anyone who had given up on an actual solution as opposed to a workaround)

I also found a command that will escape special character automatically:

Try using:

System.Security.SecurityElement.Escape(CategoryDropDown.SelectedValue)

If CategoryDropDown.SelectedValue equals "Cats&"

It should return "Cats&amp;"

All the best
Ben
0
 
BeircheartAuthor Commented:
Explained in my previous post
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now