HtmlEncode for all controls

Hello all,
I am familiar with the HtmlEncode Server method.

I also read this : http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.

Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Many thanks.
Apr 9 '08 #1
jaja wrote:
> Hello all,
> I am familiar with the HtmlEncode Server method.
>
> I also read this :
> http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx
>
> My question is: If I want to encode all inputs from user, can I apply
> this encoding for all "Input" fields on my site in a single action.
>
> Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

No.
Actually you want to use HtmlEncode when writing data to Response, not
when reading data from a user

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Apr 9 '08 #2
> No.
> Actually you want to use HtmlEncode when writing data to Response, not
> when reading data from a user

Thanks for the prompt reply.
I am new to web development.
It may be that I didn't clear myself well.

For example, I have the following html_encode1.asp file:

------------------------------------------------------
<%@ language="vbscript"%>
<html>
<body>
<form action="html_encode1.asp" method="post">
  <input type="text" name="txtbox">
  <textarea name="txtarea" cols="50" rows="30"></textarea>
  <input type="submit" value="Submit" />
</form>

<%
' Read the submitted textarea value
Dim fname
fname = Request.Form("txtarea")
' Encode the value before it is written into the page
fname = Server.HTMLEncode(fname)
If fname <> "" Then
    Response.Write("Hello " & fname & "!<br />")
    Response.Write("How are you today?")
End If
%>
</body>
</html>
------------------------------------------------------

Please disregard the content. It is not the issue.
As you can see I have here 2 input controls: A TextBox and a TextArea.
On both I need to operate the HtmlEncode for security purposes.
Now suppose I have 100 controls per page and 100 pages (I am
exaggerating of course, but just for theory purposes).
Should I now activate HtmlEncode for each one of the controls per each
one of the pages?

Thanks again.
Apr 9 '08 #3
jaja wrote:
> > No.
> > Actually you want to use HtmlEncode when writing data to Response,
> > not when reading data from a user
>
> Thanks for the prompt reply.
> I am new to web development.
> It may be that I didn't clear myself well.

No, I totally understood your question, and my answer still stands.
You're not "activating HtmlEncode": You are calling a method called
HTMLEncode that is contained in the Server object. That method replaces
certain characters in the string provided via the argument with the HTML
codes for those characters and returns the resulting string to the
calling procedure.

There is no shortcut here, except for eliminating one unnecessary line
of code. All you really need is:

fname = Request.Form("txtarea")
If fname <> "" Then
    Response.Write("Hello " & _
        Server.HTMLEncode(fname) & "!<br />")
    Response.Write("How are you today?")
End If

Again, the only place you need to use the method is when you are
actually writing the value to response. There is no value, security or
otherwise, to using it anywhere else.

Apr 9 '08 #4
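
The point of the reply above, shown as an added example (not code from the thread or its participants): the same raw value needs a different encoder for each place it is written, and a value encoded when it is read gets encoded a second time on output. `ForHtml` and `ForQuery` are hypothetical helper names, and the sample value is constructed.

```vbscript
<% Option Explicit %>
<html>
<body>
<%
' Added illustration, not code from the thread.
' ForHtml and ForQuery are hypothetical helper names.
Dim raw, encodedOnRead
raw = Request.Form("txtarea")            ' field name from the thread's form
If raw = "" Then raw = "Tom & Jerry <b>""x"""   ' constructed sample value

' Anti-pattern: encoding while reading. The variable now holds markup text,
' so its length, comparisons and any stored copy no longer match the input.
encodedOnRead = Server.HTMLEncode(raw)

' Encode at the point of writing, with the encoder that fits the sink.
Function ForHtml(sData)     ' element content or a double-quoted attribute
    ForHtml = Server.HTMLEncode(sData)
End Function

Function ForQuery(sData)    ' a value placed in a URL query string
    ForQuery = Server.URLEncode(sData)
End Function
%>
<p>Typed length: <%= Len(raw) %>,
   length after encode-on-read: <%= Len(encodedOnRead) %></p>

<!-- Raw value, encoded once for element content -->
<p>Hello <%= ForHtml(raw) %>!</p>

<!-- Same raw value, encoded once for a double-quoted attribute -->
<input type="text" name="txtbox" value="<%= ForHtml(raw) %>">

<!-- Same raw value in a link: URL-encode for the query string,
     then HTML-encode the finished URL for the attribute -->
<a href="html_encode1.asp?name=<%= ForHtml(ForQuery(raw)) %>">link</a>

<!-- Defect: encoded on read, then encoded again on write.
     The browser displays the entity text instead of the typed characters. -->
<p>Hello <%= ForHtml(encodedOnRead) %>!</p>
</body>
</html>
```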
Ok, Thank you Bob.
Apr 9 '08 #5
jaja wrote:
> Hello all,
> I am familiar with the HtmlEncode Server method.
>
> I also read this :
> http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx
>
> My question is: If I want to encode all inputs from user, can I apply
> this encoding for all "Input" fields on my site in a single action.
>
> Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Actually, you could write your own function and include it via SSI in
all your pages:

ProcedureLibrary.asp
<%
Sub WriteToResponse(sData, bEncode)
    If bEncode Then
        Response.Write Server.HTMLEncode(sData)
    Else
        Response.Write sData
    End If
End Sub
%>

Then in your html_encode1.asp page:

<!--#include file="procedureLibrary.asp"-->
<%
Dim fname
fname = Request.Form("txtarea")
If fname <> "" Then
    WriteToResponse "Hello " & fname, True
    WriteToResponse "!<br />", False
    WriteToResponse "How are you today?", False
End If
%>

Apr 9 '08 #7
On 9 April, 18:02, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
wrote:
> jaja wrote:
> > Hello all,
> > I am familiar with the HtmlEncode Server method.
> > I also read this :
> > http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx
> > My question is: If I want to encode all inputs from user, can I apply
> > this encoding for all "Input" fields on my site in a single action.
> > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.
>
> Actually, you could write your own function and include it via SSI in
> all your pages:
>
> ProcedureLibrary.asp
> <%
> Sub WriteToResponse(sData, bEncode)
>     If bEncode Then
>         Response.Write Server.HTMLEncode(sData)
>     Else
>         Response.Write sData
>     End If
> End Sub
> %>
>
> Then in your html_encode1.asp page:
>
> <!--#include file="procedureLibrary.asp"-->
> <%
> Dim fname
> fname = Request.Form("txtarea")
> If fname <> "" Then
>     WriteToResponse "Hello " & fname, True
>     WriteToResponse "!<br />", False
>     WriteToResponse "How are you today?", False
> End If
> %>

Thank you Bob for the nice tip.
I would have hoped there will be maybe a Server object property which
I will be able to set and it will do the work, but apparently there
isn't.
Thanks, again!
Apr 10 '08 #8
