How to restrict the HTML tags in multiline textbox?

Question

I have a Multiline Textbox. I donot want to let user type HTML Tags or validation can be done in the server side. Any suggestions?

When I set ValidateRequest="true" it throws error

potentially dangerous Request.Form value was detected from the client

This is also not required. I tried to put validation by checking the character < but this is also not a proper validation because you can type like <kanavi and this is not a HTML tag

Answer 1

Try with regular expression, this is for finding html tags. Use it on application side.

Regex.Match(TextBox.Text, "</?\w+((\s+\w+(\s*=\s*(?:".*?"|'.*?'|[^'">\s]+))?)+\s*|\s*)/ >");

I have another solution with XDocument always on application side.

Create an XDocument and set a root to it :

XDocument yourXDocument = new XDocument(new XElement("Root"));

Then load content :

yourXDocument.Root = XDocument.Load(TextBox.Text);

Then use a recursive function to find if you are more than 2 levels in your XDocument.

Of Couse, if you want to parse only HTML tags, I think you have to create a Dictionary to store all of them and compare your textbox value with each of them.

Answer 2

have a look at this package from nuget.HtmlLaundry

it should help you clean out the HTML before it gets to the server.

Answer 3

set ValidateRequest="false"

and handle on the server if there is a tag in input show message.

you can remove the tags

 Regex.Replace(source, "<.*?>", string.Empty);

OR you use encoding if you want to keep them