I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Follow ing error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<st rong>...").
Plz Help... 4 10802
ASP.Net 1.1 had a new feature which tries to protect against script
injection attacks. Check out http://asp.net/faq/RequestValidation.aspx for
more information.
Quickly though you can disable this via <%@ Page validateRequest ="false"
....>
or in the web.config for your entier application:
<system.web>
<page validateRequest ="false" />
</system.web>
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/
"Deepak Mehta" <de********@gma il.com> wrote in message
news:b0******** *************** *@posting.googl e.com... I hv to store data with HTML tags in database. user will input data with html tags for e.g.<strong> Name <strong>. And when i will read data in webpage then "Name" should eb bold. but i m getting problem in storing data in database. When i input text with html tags in textbox and click on submit...Follow ing error comes: A potentially dangerous Request.Form value was detected from the client (textbox11="<st rong>...").
Plz Help...
Hi Deepak,
That's a security measure built into ASP.NET 1.1 to stop hackers from
inserting scripting attacks.
"In ASP.NET 1.1, when turned on, the ValidateRequest attribute on the @Page
directive checks that users are not sending potentially dangerous HTML
markup in query strings, cookies, or form fields. If that is detected, an
exception is thrown and the request aborts. The attribute is on by default;
you don't have to do anything to be protected. If you want to allow HTML
markup to pass, then you must actively disable it."
<%@ Page ValidateRequest ="false" %>
Let us know?
Ken
Microsoft MVP [ASP.NET]
Toronto
"Deepak Mehta" <de********@gma il.com> wrote in message
news:b0******** *************** *@posting.googl e.com... I hv to store data with HTML tags in database. user will input data with html tags for e.g.<strong> Name <strong>. And when i will read data in webpage then "Name" should eb bold. but i m getting problem in storing data in database. When i input text with html tags in textbox and click on submit...Follow ing error comes: A potentially dangerous Request.Form value was detected from the client (textbox11="<st rong>...").
Plz Help...
Here's the link for more info. Look for ValidateRequest : http://msdn.microsoft.com/library/de...tybarriers.asp
"Deepak Mehta" <de********@gma il.com> wrote in message
news:b0******** *************** *@posting.googl e.com... I hv to store data with HTML tags in database. user will input data with html tags for e.g.<strong> Name <strong>. And when i will read data in webpage then "Name" should eb bold. but i m getting problem in storing data in database. When i input text with html tags in textbox and click on submit...Follow ing error comes: A potentially dangerous Request.Form value was detected from the client (textbox11="<st rong>...").
Plz Help...
I will say the this type of code i.e., embedding the UI code in the database
is not standard way. When you
do a code it should follow tier architecture so, that the presentation and
business logic
will be separated. And, other demerit of this code is ,even if asp is
accepting a request data which contains
a html elements will not safe as it might get hacked by the users.
If you allow html tags in your user input forms, one can execute a
javascript located in somewhere else
to do some unwanted activities.
So, my suggestion is avoid this kind of code and try to be more standard
in your coding strategies.
--
Vadivel Kumar
http:\\charpblo gs.blogspot.com
"Deepak Mehta" <de********@gma il.com> wrote in message
news:b0******** *************** *@posting.googl e.com... I hv to store data with HTML tags in database. user will input data with html tags for e.g.<strong> Name <strong>. And when i will read data in webpage then "Name" should eb bold. but i m getting problem in storing data in database. When i input text with html tags in textbox and click on submit...Follow ing error comes: A potentially dangerous Request.Form value was detected from the client (textbox11="<st rong>...").
Plz Help... This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Donald Firesmith |
last post by:
Are html tags allowed within meta tags? Specifically, if I have html
tags within a <definition> tag within XML, can I use the definition as
the content within the <meta content="description> tag? If not, is
there an easy way to strip the html tags from the <definition> content
before inserting the content into the meta tag?
|
by: Jeff North |
last post by:
Hi,
I'm using a control called HTMLArea which allows a person to enter
text and converts the format instructions to html tags. Most of my
users know nothing about html so this is perfect for my use.
http://www.interactivetools.com/products/htmlarea/
This only works with IE5.5+.
What I need to do is to take this html formatted text and only display
part of the text on a web page (much like a news article which shows
only part of the...
|
by: Robert Bowen |
last post by:
Hello peeplez. I have an odd problem. When I put the ANSI symbol for
"less than" ("<"), the word STRONG and then the ANSI symbol for
"greater than" (">") in my web page, followed by some text, then close
the STRONG tag the same way, my text appears in bold. No problem.
When I do the same things with the corresponding HTML tags (< ,
> ) the tag is not interpreted, it is simply displayed:
<STRONG>text</STRONG>
|
by: hoz |
last post by:
Hi ,
i have a web from contains textbox and insert to db button .When i write
html tags inside text , the code is blocked , how can i enter information
like ?
<p> Hi </p>
thanks
|
by: Joe via DotNetMonster.com |
last post by:
Hi,
I have an form that saves to a database. I would like the user to be able to enter HTML tags into the Textbox Control fields but I get an error message when entering HTML tags:
A potentially dangerous Request.Form value was detected from the client (pArticleText="Test<p>").
I'm new to ASP.NET so I'm not sure what would be the best way.
Thanks
| |
by: Spondishy |
last post by:
Hi,
I'm looking for help with a regular expression and c#.
I want to remove all tags from a piece of html except the following.
<a>
<b>
<h1>
<h2>
|
by: Barry L. Camp |
last post by:
Hi all... hope someone can help out.
Not a unique situation, but my search for a solution has not yielded
what I need yet.
I'm trying to come up with a regular expression for a
RegularExpressionValidator that will allow certain HTML tags:
<a>, <b>, <blockquote>, <br>, <i>, <img>, <li>, <ol>, <p>, <quote>,
<ul>
|
by: V S Rawat |
last post by:
I joined this ng and tried to post my first message that had a small php
code (HTML and all).
my newsserver aioe.net rejected the post saying "HTML Tags".
My message was in text format, not in html format, but it obviously had
html tags.
Now, a php or a perl/ cgi or a javascript ng is always going to had html
tags in posted messages. What is the point in not allowing Html tags?
|
by: SM |
last post by:
Hello,
I have a couple of XML files that represent articles. Each XML file is
unique. Meaning that overall the structure is the same but some tags
in the xml file are not in the same place or doesn't exist.
i.e.
<DOC>
<title>Book title</title>
<p>This is a paragrap</p>
<header>Header</header>
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |