473,320 Members | 1,732 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

ValidateRequest=False HtmlEncode and The Best Method

I guess I'm not understanding this correctly.

I have to set "ValidateRequest=False" for my asp.net 1.1 page that has a
TextBox... so that I can avoid an error... if some user enters
some html or script coding into it. (Should I HtmlEncode it with
Server.htmlEncode or HttpServerUtility.HtmlEncode ???)

From what I've read... I guess I'm supposed to do it this way:
1. HtmlEncode the user input that's in the TextBox.
2. Save it to the database.
then...
3. Load it from the database.
4. Decode it.
5. Display it to the user.

Isn't step #1 wasting extra database space? (Since encoding changes some
single characters into 4 characters.)
And step #2 is saving "safe text". (But it can't really harm anyone just
sitting in the database... as unsafe-text.)
And doesn't #4 convert the safe-text back into UNSAFE text? (Is that
wise????)

=======================

Or would this method make more sense:
A. Save the unsafe-text to the database... as-in.
then...
B. Load it from the database.
C. Encode it. (Converting unsafe-text to safe-text)
D. Display it to the user.

Help!

Sep 5 '06 #1
0 1486

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: mar | last post by:
Does anybody know what configuration section should i set to false here. I also tried setting the page directive to false but that didn't fix it. Thanks! mc A potentially dangerous...
0
by: Martin Colmenares | last post by:
After I set my <%@ page ValidateRequest="false" %> , I still get the error illustrated below. The msdn mentioned something about filtering using the HTMLEncode. This is a snippet of the code that...
2
by: Tim Zych | last post by:
I'm trying to stop .Net from validating data entered into a textbox. When I enter < or > .Net returns an error: potentially dangerous Request.Form value was detected from the client... so a...
2
by: AFN | last post by:
I have a form with 15 fields. I want users to be able to enter "<" and ">" characters into 1 of those fields without IIS catching it and disallowing the whole page. I did some reading and I...
8
by: Max Metral | last post by:
Ok, I have a global page class derived from System.Web.UI.Page, let's call it BasePage. I have another class derived from that called MemberPage. It checks the Form collection if it's a post for...
4
by: Raterus | last post by:
I'm assuming the answer to this is a big "NO", but is it possible to disable validation checks for a particular control, instead of setting ValidateRequest=False in the page directive? --Michael
4
by: Dave H | last post by:
If put this into my Web.config. Shouldn't this turn off the ValiateRequest app wide? <configuration> <system.web> <pages buffer="true" validateRequest="false" /> I pass SQL around to...
2
by: \A_Michigan_User\ | last post by:
*WITHOUT* using: ValidateRequest="False" for the whole page (or my whole site).... How would I trap/detect that a textBox contains some illegal characters? (I'm using asp.net v1.1 and vb.net)...
2
by: sreenipvr | last post by:
hi frnds can any of u tell me how can we increase the performance by making Validaterequest=false?
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.