• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 63
  • Last Modified:

allowing user to type html tags inside html textarea

I have a html textarea on my page in my ASP.NET Web Forms application.
https://www.w3schools.com/tags/tag_textarea.asp

If a user types some html code like this inside my textarea

p>test</p><span>test</span>

When i run my page it causes an error.

I read this article:
https://www.codeproject.com/tips/297679/a-potentially-dangerous-request-form-value-was-det

So then,
if I add these 2 lines of code inside the <system.web> tags, that fixes the issue and I no longer get an error , the textarea accepts the html tags ok.

<system.web>

        <httpRuntime requestValidationMode="2.0" />
        <pages validateRequest="false" />

</system.web>

Is there a better way to allow a user to type html tags inside my textarea without having to add those 2 lines inside my Web.Config of my application ?
0
maqskywalker
Asked:
maqskywalker
1 Solution
 
zephyr_hex (Megan)DeveloperCommented:
You may want to consider the security implications of allowing HTML tags in a form element (input, textarea, etc)
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
And if you do, you should HTML encode the text from that textarea before saving/using it
0
 
lenamtlCommented:
Hi,

You can use a plugin like TinyMce
https://www.tinymce.com/

With this editor you can have HTML template.
I'm using it with Raw option and it's also have a html code option (in Format list).
You can create a list of span so the user can select one.
This is useful to allow user to select Bootstrap component for example.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Tackle projects and never again get stuck behind a technical roadblock.
Join Now