473,397 Members | 2,033 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > htmlencode for all controls

Join Bytes to post your question to a community of 473,397 software developers and data experts.

HtmlEncode for all controls

Hello all,
I am familiar with the HtmlEncode Server method.

I also read this : http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.

Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Many thanks.
Apr 9 '08 #1
7 3653
jaja wrote:
Hello all,
I am familiar with the HtmlEncode Server method.

I also read this :
http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.

Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.
No.
Actually you want to use HtmlEncode when writing data to Response, not
when reading data from a user

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Apr 9 '08 #2
No.
Actually you want to use HtmlEncode when writing data to Response, not
when reading data from a user

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Thanks for the prompt reply.
I am new to web development.
It may be that I didn't clear myself well.

For example, I have the following html_encode1.asp file:

------------------------------------------------------
<%@ language="vbscript"%>
<html>
<body>
<form action="html_encode1.asp" method="post">
<input type="text" name="txtbox">
<textarea name="txtarea" width=50 height=30/></textarea>
<input type="submit" value="Submit" />
</form>

<%
dim fname
fname=Request.Form("txtarea")
fname = Server.HTMLEncode(fname)
If fname<>"" Then
Response.Write("Hello " & fname & "!<br />")
Response.Write("How are you today?")
End If
%>
</body>
</html>
------------------------------------------------------

Please disregard the content. It is not the issue.
As you can see I have here 2 input controls: A TextBox and a TextArea.
On both I need to operate the HtmlEncode for security purpuses.
Now suppose I have 100 controls per page and 100 pages (I am
exaggerating of course, but just for theory prupuses).
Should I now activate HtmlEncode for each on of the controls per each
one of the pages?

Thanks again.
Apr 9 '08 #3
jaja wrote:
>No.
Actually you want to use HtmlEncode when writing data to Response,
not when reading data from a user

Thanks for the prompt reply.
I am new to web development.
It may be that I didn't clear myself well.
No, I totally understood your question, and my answer still stands.
You're not "activating HtmlEncode": You are calling a method called
HTMLEncode that is contained in the Server object. That method replaces
certain characters in the string provided via the argument with the HTML
codes for those characters and returns the resulting string to the
calling procedure.

There is no shortcut here, except for eliminating one unnecessary line
of code. All you really need is:

fname=Request.Form("txtarea")
If fname<>"" Then
Response.Write("Hello " & _
Server.HTMLEncode(fname) & "!<br />")
Response.Write("How are you today?")
End If

Again, the only place you need to use the method is when you are
actually writing the value to response. There is no value, security or
otherwise, to using it anywhere else.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Apr 9 '08 #4
Ok, Thank you Bob.
Apr 9 '08 #5
jaja wrote:
Hello all,
I am familiar with the HtmlEncode Server method.

I also read this :
http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.

Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Many thanks.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Apr 9 '08 #6
jaja wrote:
Hello all,
I am familiar with the HtmlEncode Server method.

I also read this :
http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.

Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Actually, you could write your own function and include it via SSI in
all your pages:

ProcedureLibrary.asp
<%
Sub WriteToResponse(sData, bEncode)
If bEncode Then
Response.Write Server.HTMLEncode(sData)
Else
Response.Write sData
End If
End Sub
%>

Then in your html_encode1.asp page:

<!--#include file=procedureLibrary.asp-->
<%
dim fname
fname=Request.Form("txtarea")
If fname<>"" Then
WriteToResponse "Hello " & fname, true
WriteToResponse "!<br />",false
WriteToResponse "How are you today?", false
End If
%>

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Apr 9 '08 #7
On 9 אפריל, 18:02, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
wrote:
jaja wrote:
Hello all,
*I am familiar with the HtmlEncode Server method.
*I also read this :
http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx
*My question is: If I want to encode all inputs from user, can I apply
this encoding for all "Input" fields on my site in a single action.
*Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

Actually, you could write your own function and include it via SSI in
all your pages:

ProcedureLibrary.asp
<%
Sub WriteToResponse(sData, bEncode)
If bEncode Then
* * Response.Write Server.HTMLEncode(sData)
Else
* * Response.Write sData
End If
End Sub
%>

Then in your html_encode1.asp page:

<!--#include file=procedureLibrary.asp-->
<%
dim fname
fname=Request.Form("txtarea")
If fname<>"" Then
* * * WriteToResponse "Hello " & fname, true
* * * WriteToResponse "!<br />",false
* * * WriteToResponse "How are you today?", false
End If
%>

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Thank you Bob for the nice tip.
I would have hoped there will we maybe a Server object property which
I will be able to set and it will do the work, but apparently there
isn't.
Thanks, again!
Apr 10 '08 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
server.HTMLEncode
by: abcd | last post by:
Simple but not working at this moment I have to fill the HTML select control.... my values could be for example "test number 1" sample code, dim x Data = "test ...
ASP / Active Server Pages
0
DataGrid and Htmlencode
by: Michal Raatz | last post by:
Welcome. I have a common problem with the datagrid: when the data source contains html tags (<script>document.location.href='www.badsite.com'</script> for example) the page with the datagrid...
ASP.NET
0
How to use Server.HtmlEncode in DataGrid Bind
by: Makarand | last post by:
Hi All As we use Server.HtmlEncode method when assigning values to other web controls, i want to do HTMLEncoding while data is binded to DataGrid. How can I acieved this. Basically if the...
ASP.NET
8
how to loop all form fields and HtmlEncode text?
by: AFN | last post by:
I want to have a routine in a page base class that will take all the text fields on a web form, and then HtmlEncode their values. I'm having trouble figuring out if I want to loop controls or...
ASP.NET
3
Server.HTMLEncode and performance
by: Michael Gaillez | last post by:
Hi, I'm dynamically loading an assembly into an ASP.NET application. In the control that I load from that dynamic assembly I've tried to use Server.HTMLEncode but this results in a serious...
ASP.NET
4
HtmlEncode with apostrophes
by: Andy Fish | last post by:
When using databinding, I have gotten into the habit of using single quotes (apostrophe) round attribute values rather than double quotes because this allows visual studio to work when there are...
ASP.NET
3
HtmlEncode not working? Or am I missing something
by: David Lozzi | last post by:
Howdy, I have my left navigation of Hyperlinks, and part of the link's querystring is the title of the page they are going to. For example, one of the pages is Cars & Trucks. With HtmlEncode, it...
ASP.NET
1
Server.HTMLEncode with UTF-8
by: Marco Miltenburg | last post by:
While working on some multilingual code I found a rather strange thing happening with Server.HTMLEncode. While loading different languages I change the Codepage and Charset in ASP to reflect the...
ASP / Active Server Pages
1
HTMLEncode: low surrogate char Error
by: Alexander Higgins | last post by:
>>Thanks for the response.... Point Taken but this is not the case. Thus, if a person writes a text file on her or his computer and does not use UNICODE to save it, the current code page is...
.NET Framework
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!