Checking for html tags in a text box.

Guest

I'm using a custom control to try to validate a text box to ensure that on the client side a validation expression is present to prevent the user from posting back HTML in their text box. I was only partially successful with some of the regular expressions I came up with. There are a few constraints. There can be no roundtrip to the server. The server process halts and reports possible dangerous HTML. I've thought about using JavaScript to combat the problem.
Any suggestions???
 
v1.1 handles this automatically by default. You can turn it off by setting
the RequestValidate page directive to False

Rakesh said:
I'm using a custom control to try to validate a text box to ensure that on
the client side a validation expression is present to prevent the user from
posting back HTML in their text box. I was only partially successful with
some of the regular expressions I came up with. There are a few constraints.
There can be no roundtrip to the server. The server process halts and reports
possible dangerous HTML. I've thought about using JavaScript to combat the
problem.
 
Here's some JavaScript that I use to remove HTML tags:

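// Matches "<", then one or more characters (newlines included), then ">".
// The "g" flag is dropped: with it, test() resumes from lastIndex, so a reused
// regex object can miss a tag on a repeat call.
var vRx = new RegExp("<(.|\n)+?>", "i");
if (vRx.test("[your text]")) {
    // found means it's an error
} else {
    // it's OK
}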

Embed this into a custom validator's client-side function.

--- Peter Blum
www.PeterBlum.com
Email: (e-mail address removed)
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx
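
An added example, not part of the post above or of any product it mentions: the same regular expression wired into a function with the `(source, args)` shape that an ASP.NET CustomValidator client function takes, run over constructed inputs. All function names are hypothetical. It shows the repeat-call behaviour of a shared regex carrying the "g" flag, and that ordinary comparison text such as "a < b and c > d" is rejected as a tag.

```javascript
// Added example; function names are hypothetical and the inputs are constructed.

// Pitfall: with the "g" flag, test() resumes from lastIndex, so a regex object
// that is created once and reused gives a different answer on a repeat call.
var sharedGlobalRx = new RegExp("<(.|\n)+?>", "ig");
function containsTagStateful(text) {
    return sharedGlobalRx.test(text);
}

// Without "g", test() always scans from the start of the string.
var tagRx = /<(.|\n)+?>/i;
function containsTag(text) {
    return tagRx.test(text);
}

// CustomValidator client function shape: args.Value holds the text box content
// and args.IsValid is the verdict the validator reads back.
function validateNoHtml(source, args) {
    args.IsValid = !containsTag(args.Value);
}

// Runs the validator over constructed sample inputs and returns the verdicts.
function runSamples() {
    var samples = [
        "plain text",          // accepted
        "<b>bold</b>",         // rejected: contains tags
        "line1<br\n/>line2",   // rejected: tag split across a newline
        "if a < b and c > d"   // rejected: false positive on comparison text
    ];
    return samples.map(function (value) {
        var args = { Value: value, IsValid: true };
        validateNoHtml(null, args);
        return args.IsValid;
    });
}
```

This check only improves the user's experience in the browser; the posted value still has to be validated on the server.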

Rakesh said:
I'm using a custom control to try to validate a text box to ensure that on
the client side a validation expression is present to prevent the user from
posting back HTML in their text box. I was only partially successful with
some of the regular expressions I came up with. There are a few constraints.
There can be no roundtrip to the server. The server process halts and reports
possible dangerous HTML. I've thought about using JavaScript to combat the
problem.
 
Check out this faq,
http://www.extremeexperts.com/Net/FAQ/PreventingScriptAttacks.aspx

--
Saravana
Microsoft MVP - ASP.NET
www.extremeexperts.com



Rakesh said:
I'm using a custom control to try to validate a text box to ensure that on
the client side a validation expression is present to prevent the user from
posting back HTML in their text box. I was only partially successful with
some of the regular expressions I came up with. There are a few constraints.
There can be no roundtrip to the server. The server process halts and reports
possible dangerous HTML. I've thought about using JavaScript to combat the
problem.
 
Yes, you definitely want to do this check on the server, not the client.
There are quite a few tools which will bypass all client validation.

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.
 