Every time a user posts something containing <
or >
in a page in my web application, I get this exception thrown.
I don't want to go into the discussion about the smartness of throwing an exception or crashing an entire web application because somebody entered a character in a text box, but I am looking for an elegant way to handle this.
Trapping the exception and showing
An error has occurred please go back and re-type your entire form again, but this time please do not use <
doesn't seem professional enough to me.
Disabling post validation (validateRequest="false"
) will definitely avoid this error, but it will leave the page vulnerable to a number of attacks.
Ideally: When a post back occurs containing HTML restricted characters, that posted value in the Form collection will be automatically HTML encoded.So the .Text
property of my text-box will be something & lt; html & gt;
Is there a way I can do this from a handler?
I'm trying to write a code to read the content of a web page, but I'm not sure of the used encoding in that page, so how can I write a generic code that returns the right string without the strange symbols?The encoding might be ("UTF-8", "windows-1256", ...).I've tried to but the UTF-8 but when the page is encoded with the second mentioned encoding I'm having some strange symbols.
Here is the code I'm using:
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("SOME-URL");request.Method = "GET";WebResponse response = request.GetResponse();StreamReader streamReader = new StreamReader(response.GetResponseStream(), System.Text.Encoding.UTF8);string content = streamReader.ReadToEnd();
And here is a link that causes the problem:http://forum.khleeg.com/144828.html
I am trying to allow the user to store a string in a database which will often contain an anchor tag and or multiple paragraphs. I am posting to my database and mysql appends on the \
to quotes and such via the mysql_real_escape_string()
function. Now when I make a call to retrieve the information back I recieve a string like this
Pop some popcorn, make some hot cocoa and let your kids enjoy these movies during their winter break! Find more lists of books <a href="\'#\'">Here</a>\nThis should be a new line of text.
This actually outputs correctly up until the new line character where it actually just displays \n
instead of a line break.
I am trying to handle this string with javascript to output it in the correct format. I am trying to do this
var msg = $("<textarea>").html( (response.banner_msg) ).text();$(".booklist-msg").html(msg.replace(/\n/g, '<br />'));
But this doesn't work. I have also tried using htmlentity()
within my php post call and then on my get calling html_entity_decode()
. I would also like to add in stripslashes()
because this paragraph is going to be editable and the slashes continuously build on each other every time I update.
This is my post function
function updateBooklistDetails($second_db, $booklist) { $name = mysql_real_escape_string($booklist[name]); $img = mysql_real_escape_string($booklist[img]); $msg = htmlentities(mysql_real_escape_string($booklist[msg])); $auth = mysql_real_escape_string($booklist[auth]); $id = $booklist[listId]; $res = $second_db->query( $second_db->prepare("UPDATE `BookList` SET booklist_name = %s, author = %s, banner_msg = %s, image_url = %s WHERE booklist_id = %s ", $name, $auth, $msg, $img, $id) ); return $res;}
This is my get function
function retrieveBooklistInfo( $request ) { $second_db = new wpdb(DB_USER, DB_PASSWORD, "saic3_LibraryIndex", DB_HOST); $id = $request['id']; $id = (string)$id; $booklist = getBooklistById($second_db, $id ); $booklist->booklist_name = stripslashes($booklist->booklist_name); $booklist->banner_msg = html_entity_decode($booklist->banner_msg, ENT_QUOTES); $booklist->books = getBooklistBooksById($second_db, $id ); $booklist->category = getBooklistCategoryById($second_db, $id ); $second_db->close(); return $booklist;}
I am trying to generate emails with HTML content. this content has already gone through sanitation so I am not worried in that regard, however when I call:
Razor.Parse(template, model);
on the following Razor template:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html> <body> @(new System.Web.HtmlString(Model.EmailContent)) </body></html>
the email that is outputted is HTMl encoded, but I need it decoded. How can I accomplish this?
I have a small contact form that requires a subject, a name, an email, and a message. All these fields are sanitized with:
function sanitize($string){ return htmlentities($string, ENT_QUOTES, 'UTF-8');}
I send the email using the mail()
function from PHP, and I use the subject
field as the email title/subject. The problem is that in subject I have a single quote:
I'd like to explore
But after I sanitize it I get the email in the inbox, but that single quote is sanitized and appears like this:
I'd like to explore
How do I keep my form safe, but at the same time how do I get my subject of the email to be with the single quote not with that 'd
-thing?
Please note that by viewing our site you agree to our use of cookies (see Privacy for details). You will only see this message once.