One, placing a "<script" in a text box will bomb a typical installation of
asp.net.
You can wire to the onblur event for the text box and replace all
"<(anychar)" with "< (anychar)" and then inspect for "<script" tag and
remove them.
bill
"DDK" <dd*******@hotmail.com> wrote in message
news:Oq**************@tk2msftngp13.phx.gbl...
How would I let users input HTML in a textbox, while securing it from
script attacks with ASP.NET + C#?
Thanks,
d.