MVC :: Remove Script Tags From User Submitted Code?
Feb 14, 2010
Inside my Asp.Net MVC application, in the comments section the user will be able to add html tags (p, h1....) but the problem is: how can I remove any malicious code (script...) from the code the user has submitted?
I have created a .aspx page that contains a web form. The information in the form is submitted to a companies web site and once accepted is manipulated by the company.
This all works wonderful.
My problem is that once the data submitted to their site my page receives a response code. (1 = Member Added, 2 = Updated Member...)
How do I go about capturing this response code? Currently I end up with a blank page and a number in the upper left corner.
if there is there away in javascript to remove any tags that are <h1 /> <h2 /> <h3 /> <h4 /> etc from the HTML editor?i use javascript function below to insert my custom styles from outside the editor, so at the end i need a way to searh all the content and remove the unwanted tags that are created by the editor?
I am trying to build a white list. I am using html agility pack to remove all tags I do not allow. however this only gets ride of these type of script tags
I have an entire web page stored in a string variable. I would like to remove all the <a href tags - everything from <a href= to </a> but making sure that all the other text stays intact. also I want to remove <input type=hidden to the > and <input type=submit to the >
the description which is comming from database has number of <p> </p> these tags so my page is occuyping large amount of blank space. I want to remove all those blank tag which are coming at end of page How to do this?
i have atitle and Image in the news.when i hover on the title,The Details Appears in Atooltip. But the problem is that Alot of Html Tag in my details in the tooltip,Because i wrote the details of the News By Rich Editor(Fck Editor) How to Remove these tag to be clean text?
We have a custom set of custom control tags, eg:<ourTag:OurControl runat="server" />Throughout our project we have discovered Visual Studio's marvelous(sarcasm) helper which automatically pastes an ID with the tags name followed by a counter number. I am now trying to remove them globally.
I'm creating a page that uses a MasterPage and a BasePage. I removed the Title="" from the Page declaration, and I added my own title tags to the page Manually. My page looks like this:
[Code]....
The page displays correctly, and my title tag appears in the header.
However, a few rows below my title tag I see this:
[Code]....
Why are those being inserted automatically? And how can I get them to stop showing up?
I have a fck editor in which the user enters some text. And in the code i want to strip the class,id attributes of the text posted. I know this can be done through regular expressions And i have written some code to do so but unfortunately it's not working.
private string RemoveScripts(string input) { string re1 = "(.*?"; // Non-greedy match on filler string re2 = "(class)"; // Word 1 string re3 = "(=)"; // Any Single Character 1 string re4 = "(".*?"))"; // Double Quote String 1 string re5 = "(id)"; Regex regClass = new Regex(re1 + re2 + re3 + re4, RegexOptions.IgnoreCase | RegexOptions.Singleline); Regex regID = new Regex(re1 + re5 + re3 + re4, RegexOptions.IgnoreCase | RegexOptions.Singleline);
input = regClass.Replace(input, new MatchEvaluator(ReplaceClassID)); input = regID.Replace(input, new MatchEvaluator(ReplaceID)); return input; } private string ReplaceClassID(Match m) { return ""; }
I have a long string containing the ,<p> </p> and <br>. I want to clean my string from all these tags and spaces. How it can be done with String.Replace() method. I am doing separately right now, it is working but is there a way to do it at once, without replace() method.
I am creating a web form for employees to submit recipe's on a web form. The fields are recipe name, ingredients, and the recipe instructions. Majority of the time, employee's will be copying/pasting the text from a word document. Currently I am using the ajax editor control. I know there is a "Paste from Word" button that can be used but all the users are not going to know to use the button.
They may just do a right click to paste or the ctrl v to paste. When this is done, all the html tags from Word are pasted as well. I want to be able to remove the tags.
i want to remove the data and tags from wsdl file using asp.net with c#.. Am already uploading the wsdl file and displaying the content into text box.. I used this code for upload the file..
string str = "C:Documents and SettingsEGCDesktopprakash.wsdl"; StreamReader objstream = new StreamReader(str); TextBox1.Text = objstream.ReadToEnd();
Is it possible to access a code behind property for a server tag? I have a property on my code behind page that i want to pass into a javascript function i.e.
I understand how to localize controls like buttons etc. I'm wondering how to accomplish the same thing with META tags.We use the following code to set META tags from code behind:
Title = AppConfig.CompanyName + " | [some prose that is specific to the page"; // Build META tags
I'm building an asp.net app using themes, and I've assigned a theme to the app using the web config.
I have a bookmark icon that I want to use for my page and it is located in the themes directory, but I am having trouble referencing the themes location from a link tag in my header.
First I tried putting a code block inside the link tags href element, which did not work. Instead all it did was html encode the <% characters and output it directly to the browser:
I am able to put a code block inside an element in an hr tag though, so I don't know why it won't work in a link tag:
<hr test="<%=Page.Theme %>"/>
Then I tried doing a Response.Write inside the head tag, but I got an error saying the Controls collection cannot be modified because the control contains code blocks:
My requirement is to catch the event of an HTML tag being generated because of an asp.net server side control. I want to add an attribute in the HTML tag. For e.g. the following asp.net code
I am generating xhtml in code that is then inserted into the page. Are there class(es) that help with adding tags etc. Then having a function that will output it to a string. (like the xml dom api) code like:
Just wondering what the best approach is to labelling ID's (thats html id's) in .net.
For instance I may have a user control that is embedded in a page more than once. If I have a standard html div in the control with id="my-user-control", then it will duplicated when the page is built.
So what is the best approach for styling your html within user controls, master pages and .net in general?
I am creating a custom control and was wondering if it is possible to render any JavaScript in the head tags of the page it is placed on? I am thinking I would need to use the FindControl method, but am not sure what I need to bind to. I am thinking the page object? Let me know if I am thinking in the right direction or if there is another option.
My only concern with the above mentioned idea is that how do I render all my content while placing some code in the head tags?