When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like javascript. I found some sites
are using UBB code and claim it is safer. I am wonderring if .NET provides
some easier way for this? I feel that .NET does have a feature to avoid user
type in html code, but is there a feature that allows some safe html code
but not others?
Thanks! 4 1443
You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmai l.com> wrote in message
news:ux******** ******@TK2MSFTN GP09.phx.gbl... When I create a web site, there are some places that allow user to input html code, like in content of a message. But for security purpose, you can not allow user use all html features, like javascript. I found some sites are using UBB code and claim it is safer. I am wonderring if .NET provides some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html code but not others?
Thanks!
You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmai l.com> wrote in message
news:ux******** ******@TK2MSFTN GP09.phx.gbl... When I create a web site, there are some places that allow user to input html code, like in content of a message. But for security purpose, you can not allow user use all html features, like javascript. I found some sites are using UBB code and claim it is safer. I am wonderring if .NET provides some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html code but not others?
Thanks!
Thanks! that helps.
"Michael Giagnocavo [MVP]" <mg*******@Atre vido.net> wrote in message
news:Ok******** ******@TK2MSFTN GP10.phx.gbl... You could provide your own markup code, or inspect the code to make sure it's only have your own approved tags. Get a Regex to find all tags, and then if one of them doesn't match your list of few tags, then reject the message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously SCRIPT is not good, but having people put arbitrary styles and overwrite your page (and get people to click on fake links that appear to be part of your page) can be just as damaging.
-mike MVP
"david" <wy*****@hotmai l.com> wrote in message news:ux******** ******@TK2MSFTN GP09.phx.gbl... When I create a web site, there are some places that allow user to input html code, like in content of a message. But for security purpose, you
can not allow user use all html features, like javascript. I found some
sites are using UBB code and claim it is safer. I am wonderring if .NET
provides some easier way for this? I feel that .NET does have a feature to avoid user type in html code, but is there a feature that allows some safe html
code but not others?
Thanks!
Thanks! that helps.
"Michael Giagnocavo [MVP]" <mg*******@Atre vido.net> wrote in message
news:Ok******** ******@TK2MSFTN GP10.phx.gbl... You could provide your own markup code, or inspect the code to make sure it's only have your own approved tags. Get a Regex to find all tags, and then if one of them doesn't match your list of few tags, then reject the message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously SCRIPT is not good, but having people put arbitrary styles and overwrite your page (and get people to click on fake links that appear to be part of your page) can be just as damaging.
-mike MVP
"david" <wy*****@hotmai l.com> wrote in message news:ux******** ******@TK2MSFTN GP09.phx.gbl... When I create a web site, there are some places that allow user to input html code, like in content of a message. But for security purpose, you
can not allow user use all html features, like javascript. I found some
sites are using UBB code and claim it is safer. I am wonderring if .NET
provides some easier way for this? I feel that .NET does have a feature to avoid user type in html code, but is there a feature that allows some safe html
code but not others?
Thanks!
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Rob |
last post by:
i know javascript, vbscript, asp css and alot more and im only 14 i was
wondering which is easier to learn php or cgi. any help?
|
by: RobertMaas |
last post by:
After many years of using LISP, I'm taking a class in Java and finding
the two roughly comparable in some ways and very different in other
ways. Each has a decent size library of useful utilities as a standard
portable part of the core language, the LISP package, and the java.lang
package, respectively. Both have big integers, although only LISP has
rationals as far as I can tell. Because CL supports keyword arguments,
it has a wider range...
|
by: mike420 |
last post by:
map(lambda f: f(1), )
Oh, OK, it was a typo (1 instead of i). I take it all back (for now).
It was an honest mistake, not a troll! Still, I think it should
be instead of
|
by: Andreas Prilop |
last post by:
Here is an illustration of the warning
http://ppewww.ph.gla.ac.uk/~flavell/charset/browsers-fonts.html#dont
that you should not specify a typeface when you have characters
outside West European Latin-1 on your page.
The reference test page is
http://www.unics.uni-hannover.de/nhtcapri/temp/arial.html
This http://www.unics.uni-hannover.de/nhtcapri/temp/face-arial.gif
is the horrible result in Mozilla 1.3 on Mac OS 9.1 when I do
|
by: Mario T. Lanza |
last post by:
Greetings,
I have been developing websites in CSS for a couple years; I claim to
be no expert, but certain things could definitely be easier.
Consider the box model and it's different implementations:
http://tantek.com/CSS/Examples/boxmodelhack.html
Microsoft's way and the web standards way. Ironically, though
| |
by: david |
last post by:
When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like javascript. I found some sites
are using UBB code and claim it is safer. I am wonderring if .NET provides
some easier way for this? I feel that .NET does have a feature to avoid user
type in html code, but is there a feature that allows some safe html...
|
by: Steven T. Hatton |
last post by:
Stroustrup's view on classes, for the most part, seems to be centered around
the notion of invariants. After a bit of adjusting to the use of yamt (yet
another math term) in computer science, I came to appreciate some of the
significance in what he is asserting. I believe a good example would be
the Riemann-Christoffel curvature tensor. In the 4-space of general
relativity, there are 256 components of this beast.
One approach to...
|
by: mvendertaca |
last post by:
I've created a usercontrol which is hosted in Internet Explorer. It
with some action buttons. I could place all buttons on this
usercontrol but I did not. When the user presses one of the buttons i
detect some more action needs to be taken and open a dialogbox. using
ShowDialog. But IE finds a usercontrol opening a dialogbox dangerous
(Although the usercontrol could alsready have done anything because i
have elevated its permissions using...
|
by: howa |
last post by:
Since it is part fo the standard, why I always heard that we should
avoid iframe?
any comments?
thanks.
|
by: EnjoyNews |
last post by:
Hi
I just had a thought regarding spam...
I have noticed that when I do something in JavaAjax then I can't se the
context in the source.
.... If I open a page in a div with Ajax, right click and choose Source,
then the div is empty.
The context in the ajax page is not there.
Off cause you can find the .js file and see what page it opens.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |