When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like javascript. I found some sites
are using UBB code and claim it is safer. I am wonderring if .NET provides
some easier way for this? I feel that .NET does have a feature to avoid user
type in html code, but is there a feature that allows some safe html code
but not others?
Thanks!
4  1424 
You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmail.com> wrote in message
news:ux**************@TK2MSFTNGP09.phx.gbl... When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like javascript. I found some sites
are using UBB code and claim it is safer. I am wonderring if .NET provides
some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html code
but not others?
Thanks!
You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmail.com> wrote in message
news:ux**************@TK2MSFTNGP09.phx.gbl... When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like javascript. I found some sites
are using UBB code and claim it is safer. I am wonderring if .NET provides
some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html code
but not others?
Thanks!
Thanks! that helps.
"Michael Giagnocavo [MVP]" <mg*******@Atrevido.net> wrote in message
news:Ok**************@TK2MSFTNGP10.phx.gbl... You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmail.com> wrote in message
news:ux**************@TK2MSFTNGP09.phx.gbl... When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you
can not allow user use all html features, like javascript. I found some
sites are using UBB code and claim it is safer. I am wonderring if .NET
provides some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html
code but not others?
Thanks!
Thanks! that helps.
"Michael Giagnocavo [MVP]" <mg*******@Atrevido.net> wrote in message
news:Ok**************@TK2MSFTNGP10.phx.gbl... You could provide your own markup code, or inspect the code to make sure
it's only have your own approved tags. Get a Regex to find all tags, and
then if one of them doesn't match your list of few tags, then reject the
message.
"Safe HTML" depends on the site and what you deem to be bad. Obviously
SCRIPT is not good, but having people put arbitrary styles and overwrite
your page (and get people to click on fake links that appear to be part of
your page) can be just as damaging.
-mike
MVP
"david" <wy*****@hotmail.com> wrote in message
news:ux**************@TK2MSFTNGP09.phx.gbl... When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you
can not allow user use all html features, like javascript. I found some
sites are using UBB code and claim it is safer. I am wonderring if .NET
provides some easier way for this? I feel that .NET does have a feature to avoid
user type in html code, but is there a feature that allows some safe html
code but not others?
Thanks!
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Rob |
last post by:
i know javascript, vbscript, asp css and alot more and im only 14 i was
wondering which is easier to learn php or cgi. any help?
|
by: RobertMaas |
last post by:
After many years of using LISP, I'm taking a class in Java and finding
the two roughly comparable in some ways and very different in other
ways. Each has a decent size library of useful utilities...
|
by: mike420 |
last post by:
map(lambda f: f(1), )
Oh, OK, it was a typo (1 instead of i). I take it all back (for now).
It was an honest mistake, not a troll! Still, I think it should
be instead of
|
by: Andreas Prilop |
last post by:
Here is an illustration of the warning
http://ppewww.ph.gla.ac.uk/~flavell/charset/browsers-fonts.html#dont
that you should not specify a typeface when you have characters
outside West European...
|
by: Mario T. Lanza |
last post by:
Greetings,
I have been developing websites in CSS for a couple years; I claim to
be no expert, but certain things could definitely be easier.
Consider the box model and it's different...
| | |
by: david |
last post by:
When I create a web site, there are some places that allow user to input
html code, like in content of a message. But for security purpose, you can
not allow user use all html features, like...
|
by: Steven T. Hatton |
last post by:
Stroustrup's view on classes, for the most part, seems to be centered around
the notion of invariants. After a bit of adjusting to the use of yamt (yet
another math term) in computer science, I...
|
by: mvendertaca |
last post by:
I've created a usercontrol which is hosted in Internet Explorer. It
with some action buttons. I could place all buttons on this
usercontrol but I did not. When the user presses one of the buttons i...
|
by: howa |
last post by:
Since it is part fo the standard, why I always heard that we should
avoid iframe?
any comments?
thanks.
|
by: EnjoyNews |
last post by:
Hi
I just had a thought regarding spam...
I have noticed that when I do something in JavaAjax then I can't se the
context in the source.
.... If I open a page in a div with Ajax, right click...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| | |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
