Antixss on description Field

Feb 4, 2010 at 1:20 AM

Hi,

I have a UI with a description field. I have used Antixss.HtmlEncode(descField.Text) to validate dangerous input from the user.

But when users enter the ! character in that description field, it converts that to !. That is, if I enter Thanks!, it converts that to Thanks!.

What is the best way to validate the Description field? Please help.

 

Thanks

 

Coordinator
Feb 23, 2010 at 8:46 PM

The HtmlEncode method does not validate data; it encodes data to correctly represent data in HTML. You should be using SafeHtml to sanitize the data, but note that SafeHtml is for HTML data only.

Thanks

RV

From: dotnetdev_1 [mailto:notifications@codeplex.com]
Sent: Wednesday, February 03, 2010 5:21 PM
To: Anil Revuru (INFORMATION SECURITY TOOLS)
Subject: Antixss on description Field [AntiXSS:83088]

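The distinction drawn in the reply above (validation, output encoding and HTML sanitization are three separate steps), as an added example that is not part of the original thread or the AntiXSS project's own code. It assumes AntiXSS 3.x, where `AntiXss.HtmlEncode` and `AntiXss.GetSafeHtmlFragment` live in `Microsoft.Security.Application`, and treats `GetSafeHtmlFragment` as the "SafeHtml" sanitizer the reply refers to; the `DescriptionField` class, its length limit and the sample input are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;
using Microsoft.Security.Application; // AntiXssLibrary.dll (assumed: AntiXSS 3.x)

// Hypothetical helper for a plain-text description field.
static class DescriptionField
{
    // Assumed policy: 1-500 characters, no control characters.
    // \z (not $) so a trailing newline cannot slip past the check.
    static readonly Regex Allowed = new Regex(@"^[^\p{Cc}]{1,500}\z");

    // Validation accepts or rejects; it never rewrites the value,
    // so punctuation such as '!' is stored exactly as typed.
    public static bool IsValid(string input)
    {
        return input != null && Allowed.IsMatch(input);
    }

    // Output encoding: applied once, at the moment the stored value
    // is written into HTML body content. The browser decodes the
    // entities back to the original characters when rendering.
    public static string ForHtmlBody(string stored)
    {
        return AntiXss.HtmlEncode(stored);
    }

    // Sanitization: only for fields where users legitimately submit
    // HTML markup. Not appropriate for a plain-text description.
    public static string ForRichText(string submittedHtml)
    {
        return AntiXss.GetSafeHtmlFragment(submittedHtml);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input: ordinary text plus markup.
        string typed = "Thanks! <b>bold</b>";
        if (!DescriptionField.IsValid(typed)) { Console.WriteLine("rejected"); return; }

        string stored = typed; // persist the raw text, not an encoded copy
        string once = DescriptionField.ForHtmlBody(stored);
        Console.WriteLine(once); // safe to emit into the page as-is

        // Encoding a value that is already encoded (or handing it to a
        // control that encodes again) makes entity text visible on screen.
        Console.WriteLine(DescriptionField.ForHtmlBody(once));
    }
}
```

Storing the raw value and encoding only at output keeps the stored data reusable in other contexts (HTML attribute, JavaScript, URL), each of which needs its own encoder.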