Solved

Textbox containing < > needs to be cleared before submitting page

Posted on 2014-01-07
5
316 Views
Last Modified: 2014-02-18
Hello,

I have an asp.net project which creates some html in textboxes for my users to copy and paste into their html code.

These textboxes change values based on a dropdownlist_SelectedIndexChanged() postback.

This is causing my program to crash. I need to clear TextBox values before the form is submitted.

How should I handle this problem. Please give coding examples.
0
Comment
Question by:tatton777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 13

Expert Comment

by:Jitendra Patil
ID: 39764375
can you please post your mark up & code behind here ? so that we  can help you in better way.
0
 
LVL 22

Expert Comment

by:Mrunal
ID: 39764418
For communication, you need to encode and decode your textbox value (which contains html code).

For storing these values in database also, better approach is first encode value and save in database.
While displaying same value, decode it and display on UI.

References:

Encode:
http://msdn.microsoft.com/en-us/library/w3te6wfz(v=vs.110).aspx

Decode:
http://msdn.microsoft.com/en-us/library/hwzhtkke(v=vs.110).aspx

Hope this helps you.
0
 
LVL 13

Expert Comment

by:Jitendra Patil
ID: 39767854
you can try a small hack.

before updating the value of textboxt based on dropdownlist selection, just clear the textbox first and then add the new value as per your choice.
like:
textbox.Text="";
textbox.Text= Dropdownlist1.selecteditem.text.tostring();

Hope this helps.
0
 
LVL 1

Author Comment

by:tatton777
ID: 39769054
Here's some example code.

<%@ Page Language="C#" %>

<!DOCTYPE html>

<script runat="server">

    protected void Button1_Click(object sender, EventArgs e)
    {        
        TextBox1.Text = "<a href='yahoo.com'></a>";
        Label1.Text = "After textbox populated, error thrown on button click";
    }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    
        <asp:TextBox ID="TextBox1" runat="server" Width="331px"></asp:TextBox>
        <br />
        <asp:Button ID="Button1" runat="server" Text="Button" OnClick="Button1_Click" />
    
        <br />
        <asp:Label ID="Label1" runat="server" Text="Click to populate textbox"></asp:Label>
    
    </div>
    </form>
</body>

Open in new window

0
 
LVL 13

Accepted Solution

by:
Jitendra Patil earned 500 total points
ID: 39770664
hi  use

<httpRuntime requestValidationMode="2.0" />

in your web.config (keeping any attributes you already have on that element, if it's already there). ASP.NET4.0 ignores ValidateRequest otherwise.

And, of course, do make sure that you take necessary measures to protect against genuinely dangerous requests, now that it's not being done for you.

A great way of doing this is to create your own class derived from RequestValidator, and using the 4.0 behaviour, but with that as the class that does the checking.

please read the solution from the below link
A potentially dangerous Request.Form value was detected from the client

hope this helps.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question