Hi,
I am new to web development. I have a problem. I have certain
textboxes where I want that the text that a user enters should only be
displayed as text. The problem is suppose if someone enters something
like <INPUT type="text"> or <img src="someImage.jpg"> i start getting
textboxes and images whereas I just want to display the string entered
by the user. One possible solution could be using the pre tag. I just
wanted to know whether there is a standard method to disable rendering
of HTML tags as I have seen most of the sites dont allow it.

TIA
Gaurav

You would have to use server-side script to either limit input or restrict the display of the
content on your pages. FP has no built-in functions to stop this unless using the Guest book or
Discussion Web components.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

"Gaurav Singh" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
> I am new to web development. I have a problem. I have certain
> textboxes where I want that the text that a user enters should only be
> displayed as text. The problem is suppose if someone enters something
> like <INPUT type="text"> or <img src="someImage.jpg"> i start getting
> textboxes and images whereas I just want to display the string entered
> by the user. One possible solution could be using the pre tag. I just
> wanted to know whether there is a standard method to disable rendering
> of HTML tags as I have seen most of the sites dont allow it.
>
> TIA
> Gaurav
>

What you want to learn to prevent is called "Cross-Site Scripting." Start by
reading this [1]

While your learning about using JavaScript and Cross-Site Scripting there is
one server-side statement you should start using immediately:
Server.HTMLEncode [1].

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1] http://en.wikipedia.org/wiki/Cross-site_scripting
[1] http://devguru.com/technologies/asp/9169.asp








"Gaurav Singh" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
> I am new to web development. I have a problem. I have certain
> textboxes where I want that the text that a user enters should only be
> displayed as text. The problem is suppose if someone enters something
> like <INPUT type="text"> or <img src="someImage.jpg"> i start getting
> textboxes and images whereas I just want to display the string entered
> by the user. One possible solution could be using the pre tag. I just
> wanted to know whether there is a standard method to disable rendering
> of HTML tags as I have seen most of the sites dont allow it.
>
> TIA
> Gaurav
>