Reputation: 2717
I have created a textbox for my users to enter their comments. Sometimes they copy an error that has been raised in the application and paste it in the textbox along with their comments. It may include illegal characters (e.g. </11>), but it should still be saved, and my .aspx page is not allowing it. I don't know how to handle this. Thanks!
Upvotes: 1
Views: 3437
Reputation: 12721
If you want the user to edit the TextBox and enter HTML tags, you can disable this via
<%@ Page validateRequest="false" ... %>
or in the web.config for your entire application:
<system.web>
    <pages validateRequest="false" />
</system.web>
Note that the ValidateRequest property does not exist without reason. When you change its default value, insecure input will be accepted. Because of that, you need to validate every user's input to avoid cross-site scripting attacks, like the insertion of malicious JavaScript, ActiveX, Flash or HTML.
Another smart solution is to replace, via JavaScript, the text written by the user to make it safe for validation.
< anyword>, instead of <anyword>, is considered safe!
function validateTxt() {
    $("textarea, input[type='text']").change(function () {
        var html = $(this).val(); // get the value
        // .replace("a", "b") works only on the first occurrence of "a", so use a global regex
        html = html.replace(/< /g, "<"); // before: if there's a space after <, remove it
        html = html.replace(/</g, "< "); // add a space after <
        $(this).val(html); // set new value
    });
}
$(document).ready(function () {
    validateTxt();
});
Upvotes: 3
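An added example, not code from any answer in this thread, of the server-side handling the answer above calls for once request validation is off: the pasted text is stored unmodified through a SQL parameter and HTML-encoded only where it is written back into the page. The page name, the control IDs, the "AppDb" connection string and the Comments table are hypothetical. On ASP.NET 4.0 and later the page-level ValidateRequest setting is honoured only if web.config also sets <httpRuntime requestValidationMode="2.0" />.

```csharp
// Added example, not code from the thread. Assumed markup in a hypothetical Comments.aspx:
//   <%@ Page Language="C#" ValidateRequest="false" Inherits="Demo.Comments" %>
//   <asp:TextBox ID="txtComment" runat="server" TextMode="MultiLine" />
//   <asp:Button ID="btnSave" runat="server" Text="Save" OnClick="btnSave_Click" />
//   <asp:Literal ID="litComment" runat="server" />
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Demo
{
    public partial class Comments : Page
    {
        // Normally generated in the designer file; declared here so the class is complete.
        protected TextBox txtComment;
        protected Literal litComment;

        private const int MaxLength = 4000; // constructed limit, matches the parameter size below

        protected void btnSave_Click(object sender, EventArgs e)
        {
            string raw = txtComment.Text;
            if (string.IsNullOrWhiteSpace(raw) || raw.Length > MaxLength)
            {
                litComment.Text = "Enter a comment of at most 4000 characters.";
                return;
            }

            // Store exactly what the user pasted; the parameter keeps it out of the SQL text.
            // "AppDb" and the Comments table are hypothetical names.
            string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand("INSERT INTO Comments (Body) VALUES (@body)", conn))
            {
                cmd.Parameters.Add("@body", SqlDbType.NVarChar, MaxLength).Value = raw;
                conn.Open();
                cmd.ExecuteNonQuery();
            }

            // Encode at output: "</11>" is sent to the browser as "&lt;/11&gt;" and shown as text.
            litComment.Text = HttpUtility.HtmlEncode(raw);
        }
    }
}
```

Any other page that later displays the stored comment needs the same encoding step, since the database holds the raw text.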
Reputation: 9323
It could be due to the HTML being rejected server-side, as a security precaution.
You can disable this check by either:
Adding the following attribute to the page header <%@ Page validateRequest="false" %>
or making the change application-wide in the Web.config:
<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>
Upvotes: 0
Reputation: 1759
I assume you are talking about an exception message like "A potentially dangerous Request.Form value was detected from the client..."
That is the ASP.NET request validation in action. This can be disabled at the page or site level, but there are risks associated with doing so.
It is done with ValidateRequest="false" in the page directive or in web.config.
More information here: http://www.asp.net/learn/whitepapers/request-validation
Upvotes: 3
Reputation: 3727
You can try to encode the content in Base64 before transferring it. But I'm not sure my solution is really good.
http://nolovelust.com/post/classic-asp-base64-encoder-decoder.aspx
Upvotes: 0