HTML tags in Textbox

D

Deepak Mehta

I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...
 
K

Karl Seguin

ASP.Net 1.1 had a new feature which tries to protect against script
injection attacks. Check out http://asp.net/faq/RequestValidation.aspx for
more information.

Quickly though you can disable this via <%@ Page validateRequest="false"
....>

or in the web.config for your entier application:
<system.web>
<page validateRequest="false" />
</system.web>

Karl
 
K

Ken Cox [Microsoft MVP]

Hi Deepak,

That's a security measure built into ASP.NET 1.1 to stop hackers from
inserting scripting attacks.

"In ASP.NET 1.1, when turned on, the ValidateRequest attribute on the @Page
directive checks that users are not sending potentially dangerous HTML
markup in query strings, cookies, or form fields. If that is detected, an
exception is thrown and the request aborts. The attribute is on by default;
you don't have to do anything to be protected. If you want to allow HTML
markup to pass, then you must actively disable it."

<%@ Page ValidateRequest="false" %>

Let us know?

Ken
Microsoft MVP [ASP.NET]
Toronto
 
V

Vadivel Kumar

I will say the this type of code i.e., embedding the UI code in the database
is not standard way. When you
do a code it should follow tier architecture so, that the presentation and
business logic
will be separated. And, other demerit of this code is ,even if asp is
accepting a request data which contains
a html elements will not safe as it might get hacked by the users.

If you allow html tags in your user input forms, one can execute a
javascript located in somewhere else
to do some unwanted activities.

So, my suggestion is avoid this kind of code and try to be more standard
in your coding strategies.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HTML Tags in input form 3
displaying html code in a textbox control 6
html-tags in string 1
HTML not accepted in datagrid update modules 3
Problem in Accepting Xml Data in TextBox 3
<> tags typed into a asp.net textbox 8
Render and get html from usercontrol 2
html forms in aspx pages 7

Top