Web Forms :: Encoding On Input And Decoding On Output?
Jan 26, 2011
I would like to make sure that everything that goes into my database is safe, i.e. protection from sql injection.
What I want to do is type something in a textbox, "<b>hello</b>" for example, it be encoded before it's put in the database, but when I retrieve it, I want it to display "hello" in bold.
I've tried the obvious of server.encode on input and server.decode on the output (to a label and a literal control), but couldn't get it to display the text in bold without having unencoded text in the database.
I am starting work on an already fully developed site. This site has no input encoding or output encoding. If some one ebters <input type="text"> in an insert form it is displayed as a real tex box when viewing that form details.
So how can i apply encoding at input or output to the WHOLE SITE?
turning on validate request is not an option as the cms wud need it off.
also this is .net 3.5 so no question od using <%: tags.
I need to encode querystring from the aspx itself, like we do <%Eval()%>.Below is my html
<asp:HyperLinkField HeaderText="Your Header" DataNavigateUrlFields="userId" DataTextField="Your Data Field to Display" HeaderStyle-HorizontalAlign="Center" DataNavigateUrlFormatString="mypage.aspx?type=2&userId={0}" ItemStyle-Width="35%" ItemStyle-HorizontalAlign="Left" />
Here i want to encrypt or simply encode the parameters type and userid so that it will look like encrypted.
How can I stop ASP.Net from encoding anchor tags in List Items when the page renders?I have a collection of objects. Each object has a link property. I did a foreach and tried to output the links in a BulletedList, but ASP encoded all the links.Here's the offending snippet of code. When the user picks a specialty, I use the SelectedIndexChange event to clear and add links to the BulletedList:
if (SpecialtyList.SelectedIndex > 0) { PhysicianLinks.Items.Clear();
Yet for some reason an ASP TextBox with the TextMode="MultiLine" allows inputs of characters outside of UTF-8. When I paste the following line of text into an ASP TextBox that is not MultiLine
the non UTF-8 characters are replaced, but not when I use a MultiLine TextBox.
EDIT: To explain a little more the set up I am seeing this problem in, here are 4 text areas that can be put on an ASP page.
how to handle html and scriptswhat . if I build my own CMS? Isn't it inevitable that I'll want to store html code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again.
What's the best way to do this, since I wont want to display the encoded html, but the html itself.
Would it be to encode everything then when I want to actually display the html, decode it, but everywhere else, keep it encoded?
I'm just trying to think of all the scenario's that I could come across when I accept user input where I don't know what they could be typing in. What if I WANT the user to be able to display html? Is it possible to decode only some tags but leave all other tags encoded?
I have several VB.NET functions which pass and receive values from executed stored procedures using parameters. However, the latest method I am using seems to be a little too specific on the datatype and data length of the parameters for my liking (i.e.
LogActivityCommand.Parameters.Add("@strErrSource", SqlDbType.NVarChar, 300).Value = strErrSource). For example:
[code]....
If I end up changing the datatype and data length properties of the variables in my SQL stored procedures in the future, I am going to have to re-visit my VB code too and alter the parameter settings here as well.
So here is what I would like to do. Lets say I have a view that can do multiple things, and thus talk to several different controllers. For example, it might create a new group, or change the name of an existing group, or add a user to some group. Now, for the view to display correctly, it would only need the username, a list of groups, and possibly a list of users. Yet for the controllers to work they would need a different set of information, the userid to be added to a group, the name of a new group, or the name and id of a group to edit.
With this setup, there would be a potential of several different models for both input to the view, and output to the different controllers. I like the idea of using the helpers Html.Textboxfor() ect. to create the different submission elements, but I don't so much like the idea of having one giant model (Even if it just a model that inherits or has several sub models) that gets passed around everywhere for this view. It seems...
Perhaps there is a better way to do this (if so, feel free to smacking me around with a few "Your and idiot"s) but is there any way to have a separate input and output model for a view?
I need to write an asmx service that takes the xml file as input and also gives an xml as output which are validated using an xsd..
I was trying to read about the services that accept xml inputs and return xml outputs.. but all in vain, I couldn't find a proper tutorial and sample codes to work on..
Can anyone give some links to some nice tutorials and samples with asmx services accepting xml data and returning xml data..
I have written a web mailer that can send and receive emails and display them on a webpage.I have a problem displaying special characters though. Like Russian, and Greek and chinese.I am using openpop.net and I can get the encoding of the incoming email as one of my variables.Thing is, how do I display it? Do I set the content encoding of the whole page to what that specific email encoding is?I've got it UTF-8 at the moment and I get garbage.
Im pulling out a text field from the database which has and 's in it for line breaks. Which I have left there for pupose of being able to edit the fields later on.
So when i try to display the text I need to replace them which I have done with:
[Code]....
Simple enough. Only when I run the page the source code I get for it is:
<br />
So it seems its not encoding the < as a encode but into the form <
Does anyone know how to stop this happen. Or a method around it?
I have vendors who are passing customers to us via an encoded URL. The problem is that Request.QueryString["FieldName"] is returning NULL on some of them and I can't fiqure out why?
For Example, one vendor is sending : http://.....ViewListing.aspx%3FListingID%3D1187721%26Source%3D6"] which returns a NULL value when Request.QueryString["ListingID"] is used.
Using Server.UrlDecode(Request.RawUrl.ToString()), however, will decode itpProperly as /ViewListing.aspx?ListingID=1187721&Source=6
How do I get the Request object to properly retrieve the values?
When I want to get the output values its okay but I also want returning a table as a result data.But Datareader has no rows.is it possible if I want a returning query result and multiple output values togather ?I wrote a test above.I can get output values as sqlparameters. But Datareader attached to a Gridview is empty.can you detect whats wrong here and it doesnt return a query result.So stored procedure is not standart or ı am doing something wrong.this doesnt raise any exception.but not returning any data.
I have a method in wcf which returns stream of custom object. I need to deserialize this stream at client side, but my custom class which is exposed as data contract is not visible through client proxy. When I add a dummy operation contract which returns the custome object I am able to get this custom class. I dont want to write this dummy method as there are many such custom classes.
Is there any way to expose data contract without writing any operation contract that returns or accepts data contract type object?
I am trying to set up a POST from one aspx file to another progromatically. Inside the POST is a String of XML data which i have properly added to Server.HtmlEncode(). For some reason, when I grab it in my logs on the other page, it is showing with 3 question marks. I at first thought it was logging text i left somewhere, but have narrowed it down to a Encoding error of some sort because when i change the encoding it changes the character, and when I just put some text in there, i see it on the other side fine. i have tried UTF 8,UTF32,Unicode,ASCII... Can't seem to find the right combination. Can't find the UTF-16 when I use the Encoding object
Below is my Code:
[Code]....My Sending Debug log has the Extension xml coming out in HTML format correctly before POST. Below is just a piece of it[Code]....
First off, suggest better ways if you want rather than patch up this code. I am just starting this project and it is first time I have tried to code a web site so anything you suggest is very much welcomed. I have spent the last 2 and 1/2 days trying to find workable answers to this but none I have found and tried seem to fit. If needed I can email screens shots or code. I am trying to construct a website that will have the same main theme throughout as far as the header, navbars sitemap, and footer go. Naturally the content will vary from page to page. I want to use a single master page and css stylesheet for this main theme and I will change the content format as needed per page because each page may vary somewhat.
However, about 15 of the pages will all use the same format for their content and this format will differ from the rest of the site but the format of the main theme will stay the same. So I am trying to create a nested master page to use to format the just the content area for all these pages while retaining the main theme for the header, etc.. I believe I should use a separate css file with the nested master page to handle the formatting of the content areas for these 15 pages. I have code that looks like it works when viewed in web developer but design view but does not work when viewd through a browser (IE, Chrome, Firefox). So far I have the following done in web developer.
If it helps the code and screen shots follow. Master Page called "Parent.master". For all theme throughout site Nested Master Page called "Lab.master". For the 15 like pages Primary stylesheet file for main theme called "StylesheetNew.css" For site theme Secondary stylesheet file to syle the 15 like formatted pages. It is called Labmaster.css Labs.apsx file to use as first of the 15 like pages. Finally screens shots from web developer and browser. Sorry try as I might I could not capture screenshots and put them into this post. The problem is that web developer shows all the area (many lines high) with gray background and with the XXX text that I want to allocate for content in the 15 pages. Yet all the browser show is one line of text o a white background followed by the footer. It looks like the LabStyleSheet works in Web Developer but not in a browser.
I recently started learning about HttpModules and made my first one. I was wondering if someone could explain why some modules in the the web.config include a lot of extra info and others do not.
I have an AJAX service where I'm pulling HTML content. I want to Response.Write() it to the browser as a string. I can't figure out how to do it so it remains a string like this rather than formatting the HTML:
I have this string test = HttpUtility.HtmlDecode("http://test.com/Folder1/Folder2/my%20view.aspx");When I look into test it still has %20 instead of a space. Why is it not decoding this?
