Newbie ASP.NET Question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am working with an ASP.Net web application in VB.net. I am trying to save
these characters: (<, >) in a database as text. The problem is that whenever
I enter something like: "<text>" it says that whatever is in the
textbox(which is "<text>"), is not safe/malicious/etc. I was wondering if
there was any way to work around this problem and enter less than/greater
than symbols into the database without it bombing on the postback.
 
Set ValidateRequest="false" in the Page directive of your .aspx page.

I am working with an ASP.Net web application in VB.net. I am trying to save
these characters: (<, >) in a database as text. The problem is that
whenever
I enter something like: "<text>" it says that whatever is in the
textbox(which is "<text>"), is not safe/malicious/etc. I was wondering if
there was any way to work around this problem and enter less than/greater
than symbols into the database without it bombing on the postback.
 
Just remember that there is a reason that was throwing an error to begin
with. Becareful of the data that you accept your you open your site for
scripting attacks.

Michael
 
Ya, I was worried about that, thank you.

Michael said:
Just remember that there is a reason that was throwing an error to begin
with. Becareful of the data that you accept your you open your site for
scripting attacks.

Michael
Click to expand...
 
That was the dumbest advice from Siva I've heard in a long time. Disabling
security in a page is never, ever a wise thing to do just because it can be
done. The correct answer varies. First, reactivate page validation. Secondly
you can manually convert the < > characters and store them using HTML
Character Entities which when parsed by browsers will be converted back to
ASCII text.

Use: &lt; for the < character.
Use: &gt; for the > character.
Example: &lt;Tagged Text &gt;

Finally, if you want to become a masterful developer that doesn't make
stupid mistakes like disabling security built into the page class you need
to learn how to use your tools better.

The .NET Framework includes methods called HtmlEncode, HtmlUnEncode,
ServerEncode and ServerUnEncode that do the character modification for us.
Use search to find and red documentation from MSDN to learn how to use these
methods when storing and retrieving data from the database as they are the
optimal choices that are the fundamentals for maintaining secure pages.

--
<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://clintongallagher.metromilwaukee.com/
MAP 43°2'17"N 88°2'37"W : 43°2'17"N 88°2'37"W
 
Back
Top