Security :: Decode A Text That Is Encoded Using AntiXss?
Jun 25, 2010
I have saved all data that comes through Input boxes using AntiXss.HtmlEncode(the text from in put box); Now all texts in my databse are HtmlEncoded So now i want to show them in text boxesSo iave to decode that ?
How can i decode a text that is encoded using AntiXss
According to old AntiXss article on MSDN AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example):[URL]My understanding was, that UrlEncode should be used only when setting something to URL, like when setting document.location with JS. So why don't I use HtmlAttributeEncode in the previous example to encode [Untrusted-input]? On the other hand is there a security flaw if I use UrlEncode to encode HTML attributes like in the above sample?
When you can simply encode the data using HttpUtility.HtmlEncode, why should we use AntiXss.HtmlEncode? Why is white list approach better than black listing?Also, in the Anti XSS library, where do I specify the whitelist?
I want to include Microsoft AntiXss V1.5 library on my live site running in a medium trust setting.However, I got an error something like:Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.I tried this in full trust setting on my development machine and everything works good.Looks like this will run only in full trust configuration.
Another beginner question, I'm afraid... I was wondering if someone could tell me the easiest and most efficient way of getting the fully qualified domain name (e.g. www.google.com) from a UrlEncoded string in ASP.Net (C#).For example: http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dsome%20things%20i%20searched%20forWould give me: www.google.com(Or basically anything where I can check the domain to make sure it's correct.)I'm guessing the first step might be to UrlDecode, but since this is how I'm getting the string, I thought I'd mention it incase it's easier Encoded.
I am working on a Japanese File and I have no knowledge of the language. The file is encoded in S-JIS. Now, I am supposed to convert the contents into UTF-8 so that the content looks like Japanese. And here I am completely blank. I tried the following code that I found somewhere on Internet but no luck:
in asp.net mvc 3 preview 1 automaticly encodes html, is there an alternative way to let there be html?think of this cenario:@view.BestSitesEver.Replace("stackoverflow", "<h1>StackOverflow</h1>")That would just print out: <h1>stackoverflow</h1>
I want to read .dat file using Asp.Net C#. I have some details in my .dat file and I want to decode it and need to display on my web page. I already tried to decode it but it was not working properly. Its showing boxes in my web page.
I'm having a problem using a xml file as datasource for my gridview.
I create this xml file myself using XMLTextWriter class, the file is created parsing an existing excel file so I don't have control over the data retrieved from the excel file. Using XMLTextWriter does encode the special characters correctly, for example: <Enter> instead of <Enter>. The problem is when I try to open this created xml for editing, I use a GridView and bind all the data but special character data is not show in the row.
Excel Data: Enter “E” or “e” and press <Enter> XML Data: Enter “E” or “e” and press <Enter> Data in GridView: Enter “E” or “e” and press
Is there a way to force the the GridView to decode the xml attributes correctly?
I have a URL which is in a ASP.NET repeater control:[URL]This gets encoded to & when it gets rendered to the browser.We have tried decoding it using server side tags in the repeater, that did not work.How can i stop this from happening?[URL]
I am using a third party Web Service. I am passing a string to a function in that service, that string, which i am reading from a UTF-8 text file. The problem it that the string contain some non ASCII characters.
Now if i save that text file to ANSI format, read it in a string and pass that string to Service then it works smoothly but with UTF-8 encoded string the service throw exception [Code]....
NON ASCII characters UTF-8 encoding SOAP
I am using ASP.NET.
Third party sevice is in java. I also tried it by making a web service in .net, but there was issue there too.
I have Russian blog built with BlogEngine.NET 1.5.
I use Russian words in links encoded with URLEncode, so links are human-readable in most browsers - FF, Chrome, Opera (except for IE, but this is not the real problem with this browser). This idea is not mine, I borrowed it from Wikipedia - it uses encoded URLs on localized sites.
The real problem is that when I am trying to add comment in IE8 it fails (and only on production machine, development environment works fine).
Using Fiddler I found out that IE tries to send AJAX callback using WebForm_DoCallback to wrong address - it seems that it decodes URL, gets wrong characters and asks page with that wrong address from server and (of course) receives 404.
Here is how incorrect request from IE looks in Fiddler:
POST /ru/post/ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½-ï¿½ï¿½ï¿½ï¿½ï¿½.aspx HTTP/1.1
Here is how FF makes same request and gets correct response:
POST /ru/post/%D0%92%D1%81%D1%82%D1%83%D0%BF%D0%B8%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%BE%D0%B5-%D1%81%D0%BB%D0%BE%D0%B2%D0%BE.aspx HTTP/1.1
I upgraded solution from default ASP.NET 2.0 for BE to ASP.NET 3.5 but this changed nothing. I made some minor changes in BE to allow properly encoded UTF links - by default it wipes out percent symbol from links.
what wrong is with IE behavior here and how to fix it? Why development environment under ASP.NET Development works different from production machine under IIS6? Why IE does not decode link in address bar (like other browsers) but does it when making request?
When you render one of the "built in" html helpers (say "TextBoxFor") with ":" (so it's encoded) it renders fine.However if I render the following (a custom file input helper) with ":", the markup are displayed.I understand why. Just don't know how to prevent this (no, I want to stay with ":" and not use "=")(I looked at the source code for the built in ones, but can't see what I'm missing: ttp://aspnet.codeplex.com/SourceControl/changeset/view/23011#288010 )
I'm using ASP.NET with sql-server. I have an area where the user can enter text of a maximum amount. I encode this text as a good measure but the encoded length can be greater than this maximum amount when I try to insert it into the database.
Special characters are encoded on 3 characters. I can't show the user that he has exceeded the max amount of characters because from his perspective he hasn't. I also can't set the database field to the worst case scenario (being 3 times my max amount).
I am creating a web site in .Net 3.5 , I am converting the string into Base64String to send it through querystring.The Response.Redirect works fine for smaller string. But if the original string size is 1670,the response.redirect results in error "Page can not be found".item is the string in below code snippet.
byte data = Encoding.Default.GetBytes(item); return Convert.ToBase64String(data)
Edit I'd misunderstood what was happening here.. there is a POST send, then receive back a result, then the URL string which I'm seeing here is part of the the query string... so I can't decode what this really is, as it is encoded by the payment gateway people and not me.