Mathew Paul
Reputation: 663
Javascript shows when stored in the database
I am storing "<script>alert("Hello")</script>" in the database and when i try to display the content in a Label it shows alert in the web page how can I solve this.
Upvotes: 4
Views: 88
Answers (1)
aquinas
Reputation: 23796
(1) Don't use a label, use a Literal control and set the mode to "Encode", so your tags will be HTML encoded: See: http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.literal.mode.aspx.
Or
(2). Say: label.Text = HttpUtility.HtmlEncode(stringFromDataBase);
(3): Edit: I should also mention, you can use the code nugget: <%: which will html encode the text. It's the same as <%=, except, the output is HTML encoded. Very handy. Example: Welcome: <%: UserName %>
Upvotes: 2
Related Questions
- Server Side JavaScript Code Injection Attack
- Can I secure this javascript code in a database?
- ASP.NET - server side control & javascript interaction
- javascript code to hide
- javascript code from DB
- code being inserted
- Client side showing , hiding is risky
- Prevent users viewing javascript file
- ASP.NET Adding Javascript to page if page not secure
- asp.net pass javascript code from database