Reputation: 8756
Allow for "<<" to be submitted, without disabling "validaterequest"
I'm wondering if anyone knows of a way to allow something like "<<" to be submitted, without setting validaterequest=false
I have a creole parser, and the recommended plugin/macro syntax is:
<<macro-name argo0=foo arg1=bar argN=qux>>
Upvotes: 0
Views: 441
Answers (3)
Reputation: 1824
I wrote a little ‘encodeMyHtml’ JavaScript function that is called on the OnClick event when the HTML form’s submit button is clicked. The function encodes the user’s HTML input for the field I’ve specified into a harmless string before it is passed to the server. When I receive that input on the server I simply decode and go on my way.
ValidateRequest is happy, our users are happy, our peers are happy, heck we’re happy.
I add my ‘encodeMyHtml’ JavaScript function in my user control’s OnPageLoad method. This way I can make sure that my JavaScript is added to the parent page only once, no matter how many controls are on the page.
In my control’s OnPageLoad I call this:
private void addEditorJavaScript()
{
// create our HTML encoder javascript function
// this way it shows up once per page that the control is on
string scr = @"<script type='text/javascript'>function encodeMyHtml(name){
var content = document.getElementById(name).value
content = content.replace(/</g,'<');
content = content.replace(/>/g,'>');
document.getElementById(name).value = content;
}</script>";
// add the javascript into the Page
ClientScriptManager cm = Page.ClientScript;
cm.RegisterClientScriptBlock(this.GetType(), "GlobalJavascript", scr);
}
In my control’s ASPX I’m using a gridview. I wrap the gridview’s update asp:LinkButton in a span tag, and in that span tag I put my OnClickEvent.
<span onclick="encodeMyHtml('<%# UniqueID.Replace("$", "_") %>_FormViewContentManager_ContentTextBox')">
<asp:LinkButton ID="UpdateButton" runat="server" CausesValidation="True" CommandName="Update" Text="[Publish]" />
</span><span onclick="encodeMyHtml('
When I get the input on the server side I simply call a couple of Replace methods on the input string to decode the HTML, and I’m done.
Upvotes: 2
Reputation: 49423
You can encode the "<<" on the client using Javascript:
<script language="javascript">
function encodeString(str) {
return str.replace(/</gi, '<').replace(/>/gi, '>');
}
</script>
And then on the server use Server.HtmlDecode to return the string to its original form.
Upvotes: 0
Reputation: 68707
You could do a javascript regex replace for "<\S" on the specific field on form submit. But it would fail for browsers that don't support javascript.
Upvotes: 1
Related Questions
- ValidateRequest ="false" for single control
- Alternative to ValidateRequest="false"
- Submitting html code without setting ValidateRequest to false
- Allowing HTML text in asp textbox w/o using validateRequest=false
- ValidateRequest="false" not worked
- ASP.NET request validation with HTML encoded characters
- How to validate data when validateRequest is set to "false"
- Posting text with html tags without changing the requestValidationMode?
- ValidateRequest="false" doesn't work when posting HTML values
- Asp.Net Validaterequest False