joshschreuder

Reputation: 1463

AutoPostBack and HTML encoding

I'm having trouble with HTML characters in a text field and an AutoPostBack.

I have something like the below:

<asp:FormView ID="FormView1" runat="server" 
              DataKeyNames="ID" DataSourceID="SqlDataSource4"
              ForeColor="#333333" DefaultMode="Edit" 
              HorizontalAlign="Center" Font-Size="X-Small"
              Width="100%" OnDataBound="FormView1_DataBound">
  <%-- Bind() only works inside a template; DefaultMode="Edit" uses EditItemTemplate --%>
  <EditItemTemplate>
      <asp:TextBox ID="fooTextBox" runat="server" 
                   Width="100%" Rows="4" TextMode="MultiLine"
                   CssClass="tr4" Text='<%# Bind("foo") %>' AutoPostBack="true"
                   OnTextChanged="ChangedRecord" />
  </EditItemTemplate>
</asp:FormView>

Now when a user enters into the textbox something like

< foo>

it will throw an error 500 due to the HTML characters in the text field.

How can I manage this before it is sent via the AutoPostBack?

Upvotes: 1

Views: 1893

Answers (2)

Conrad Lotz

Reputation: 8818

If you need to enter HTML/XML into a textbox, the best way of handling it is to HTML-encode your input. <foo> will become &lt;foo&gt;. This will make it safe for the form post. Remember that you need to decode it after submitting it for use. Use the following link to inspect HTML encoding: http://www.opinionatedgeek.com/DotNet/Tools/HTMLEncode/Encode.aspx/

Upvotes: 0

KV Prajapati

Reputation: 94645

This is because of the ValidateRequest property of the Page (the default value is true). You can turn off ValidateRequest so you can allow tags, script, etc. (potentially dangerous values).

If your application targets .NET Framework version 4.0, then add the following section in web.config:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>

Upvotes: 2
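
With request validation turned off as the answer above describes, the page itself has to check the posted text and encode it wherever it is written back into HTML. An added example (not part of the original answers) of a code-behind for the question's ChangedRecord handler; the page class name Edit, the StatusLabel control, the length limit and the ValidateRequest="false" page directive are assumptions:

```csharp
// Added example, not code from the question or the answers.
// Assumes the page directive carries ValidateRequest="false" and that
// web.config sets requestValidationMode="2.0" as shown in the answer above.
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Edit : Page   // "Edit" is a hypothetical page name
{
    // Assumed limit; align it with the size of the "foo" column.
    private const int MaxFooLength = 2000;

    // Wired up by OnTextChanged="ChangedRecord" on fooTextBox.
    protected void ChangedRecord(object sender, EventArgs e)
    {
        // fooTextBox lives inside a FormView template, so it is not a page
        // field; the sender is the control that raised the event.
        var box = (TextBox)sender;
        string raw = box.Text ?? string.Empty;

        // Request validation no longer rejects markup for this page,
        // so apply the checks the application actually needs.
        if (raw.Length > MaxFooLength)
        {
            // StatusLabel is a hypothetical <asp:Label> declared in the markup.
            StatusLabel.Text = "Value is too long.";
            return;
        }

        // Keep the stored value raw and encode at the point of output.
        // Label.Text is rendered as-is, so it must be encoded by hand:
        // "< foo>" is written to the page as "&lt; foo&gt;".
        StatusLabel.Text = "Received: " + HttpUtility.HtmlEncode(raw);

        // The multi-line TextBox encodes its own Text when it renders,
        // so the raw value can be left in the control unchanged.
    }
}
```

The same rule applies to any other place the stored value is displayed: encode with HttpUtility.HtmlEncode (or the `<%: %>` syntax available from .NET 4.0) rather than emitting it directly.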
