How to handle HTML Encoding

Bob Ross
119 100+
In order to protect my site I need to encode input values and data.

As I am using a shared database (with many people) I need to encode the values that come from it.

What I would like to know is what is the common practice for HTML encoding.
I started off encoding all data from the db but that led to characters not being displayed properly. Then I tried encoding every control that required it but due to a complex translation model and wanting to be able to use <b>,<br> etc in my controls I can't easily do this.

How have other people protected themselves?
Jul 5 '07 #1
TRScheel
638 Expert 512MB
In order to protect my site I need to encode input values and data.

As I am using a shared database (with many people) I need to encode the values that come from it.

What I would like to know is what is the common practice for HTML encoding.
I started off encoding all data from the db but that led to characters not being displayed properly. Then I tried encoding every control that required it but due to a complex translation model and wanting to be able to use <b>,<br> etc in my controls I can't easily do this.

How have other people protected themselves?

So you are talking about encrypting the information? I am sorry, I don't really understand your issue. I feel like I have the general idea...
Jul 5 '07 #2
kenobewan
4,871 Expert 4TB
It depends on what you are protecting yourself against:
Request Validation - Preventing Script Attacks
Jul 6 '07 #3
radcaesar
759 Expert 512MB
In order to protect my site I need to encode input values and data.

As I am using a shared database (with many people) I need to encode the values that come from it.

What I would like to know is what is the common practice for HTML encoding.
I started off encoding all data from the db but that led to characters not being displayed properly. Then I tried encoding every control that required it but due to a complex translation model and wanting to be able to use <b>,<br> etc in my controls I can't easily do this.

How have other people protected themselves?
Why can't you use https for this purpose? You will save more time if you prefer this and you can also achieve this safely.

:)
Jul 6 '07 #4
Bob Ross
119 100+
I am trying to prevent the site from scripting attacks but not only from user input but also database data.
When working with shared data you cannot trust it.
That is why I need a way to be sure that all data being used is clean.

Any ideas?
Jul 10 '07 #5
TRScheel
638 Expert 512MB
I am trying to prevent the site from scripting attacks but not only from user input but also database data.
When working with shared data you cannot trust it.
That is why I need a way to be sure that all data being used is clean.

Any ideas?
So you can only trust your code? Not even YOUR database entries?
Jul 10 '07 #6
Bob Ross
119 100+
When working with shared data you cannot trust it.
Please read again what I said.
We are using a database shared across many different countries that a LARGE number of people could be inputting to.
So it is wise not to trust it.
Jul 10 '07 #7
TRScheel
638 Expert 512MB
Please read again what I said.
Ah, gotcha. Well, if that's the case, you are going to have to create a list of what's expected (the stricter the better) from the data, and check against it. If it doesn't match, follow any security measures you have.
Jul 10 '07 #8
Bob Ross
119 100+
So there is no standard approach to encoding all information from the database?

Should I then write a white list of tags allowed and check everything against them?
Jul 11 '07 #9
TRScheel
638 Expert 512MB
So there is no standard approach to encoding all information from the database?

Should I then write a white list of tags allowed and check everything against them?
That'd be your best bet, based on what I have heard and understand.
Jul 11 '07 #10
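
The approach the thread settles on (encode every value coming out of the shared database, then let through only an allow list of tags such as <b> and <br>), sketched in Python as an added example that is not part of any post. The function name, the tag list and the sample rows are assumptions made for illustration.

```python
import html
import re

# Assumption: only these attribute-free formatting tags may be rendered.
ALLOWED_TAGS = ("b", "i", "br")

# Matches the *encoded* form of a bare allowed tag, e.g. &lt;b&gt;, &lt;/b&gt;,
# &lt;br /&gt;. Anything carrying attributes never matches and stays encoded.
_ENCODED_TAG = re.compile(
    r"&lt;(/?)(%s)\s*/?&gt;" % "|".join(ALLOWED_TAGS), re.IGNORECASE
)


def _restore(match):
    # Re-emit a canonical tag built from the allow list, not the input bytes.
    return "<%s%s>" % (match.group(1), match.group(2).lower())


def render_untrusted(value):
    """Encode a database value for HTML element content, then restore only
    the allow-listed tags. Not suitable for attribute or script contexts."""
    if value is None:
        return ""
    encoded = html.escape(str(value), quote=True)
    return _ENCODED_TAG.sub(_restore, encoded)


# Constructed sample rows standing in for values read from the shared database.
SAMPLE_ROWS = [
    "<b>Special offer</b><br>Ends Friday",
    "<script>alert(1)</script>",
    '<b onmouseover="x()">hover</b>',
    "Fish & chips < 5 EUR",
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(render_untrusted(row))
```

Encoding happens exactly once, at output time; a value that was already encoded before it was stored comes out double-encoded and shows its entities literally, which is one way "encode everything" produces characters that do not display properly.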