Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

Textbox containing < > needs to be cleared before submitting page

Hello,

I have an asp.net project which creates some html in textboxes for my users to copy and paste into their html code.

These textboxes change values based on a dropdownlist_SelectedIndexChanged() postback.

This is causing my program to crash. I need to clear TextBox values before the form is submitted.

How should I handle this problem. Please give coding examples.
0
tatton777
Asked:
tatton777
  • 3
1 Solution
 
Jitendra PatilSr.Software EngineerCommented:
can you please post your mark up & code behind here ? so that we  can help you in better way.
0
 
MrunalCommented:
For communication, you need to encode and decode your textbox value (which contains html code).

For storing these values in database also, better approach is first encode value and save in database.
While displaying same value, decode it and display on UI.

References:

Encode:
http://msdn.microsoft.com/en-us/library/w3te6wfz(v=vs.110).aspx

Decode:
http://msdn.microsoft.com/en-us/library/hwzhtkke(v=vs.110).aspx

Hope this helps you.
0
 
Jitendra PatilSr.Software EngineerCommented:
you can try a small hack.

before updating the value of textboxt based on dropdownlist selection, just clear the textbox first and then add the new value as per your choice.
like:
textbox.Text="";
textbox.Text= Dropdownlist1.selecteditem.text.tostring();

Hope this helps.
0
 
tatton777Author Commented:
Here's some example code.

<%@ Page Language="C#" %>

<!DOCTYPE html>

<script runat="server">

    protected void Button1_Click(object sender, EventArgs e)
    {        
        TextBox1.Text = "<a href='yahoo.com'></a>";
        Label1.Text = "After textbox populated, error thrown on button click";
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
        <asp:TextBox ID="TextBox1" runat="server" Width="331px"></asp:TextBox>
        <br />
        <asp:Button ID="Button1" runat="server" Text="Button" OnClick="Button1_Click" />
    
        <br />
        <asp:Label ID="Label1" runat="server" Text="Click to populate textbox"></asp:Label>
    
    </div>
    </form>
</body>

Open in new window

0
 
Jitendra PatilSr.Software EngineerCommented:
hi  use

<httpRuntime requestValidationMode="2.0" />

in your web.config (keeping any attributes you already have on that element, if it's already there). ASP.NET4.0 ignores ValidateRequest otherwise.

And, of course, do make sure that you take necessary measures to protect against genuinely dangerous requests, now that it's not being done for you.

A great way of doing this is to create your own class derived from RequestValidator, and using the 4.0 behaviour, but with that as the class that does the checking.

please read the solution from the below link
A potentially dangerous Request.Form value was detected from the client

hope this helps.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now