Request Validation – Preventing Script Attacks – Not Allowed HTML Tags in Textbox
Posted by Viral Sarvaiya on August 20, 2010
By default, ASP.NET prevents the application from processing unencoded HTML content submitted to the server (this means the page's ValidateRequest setting is true, which helps us prevent script attacks).
This request validation feature can be disabled when the application has been designed to safely process HTML data. Whenever you work with DotNetNuke, this feature is disabled by default.
The question then is how to prevent script attacks in such cases.
One solution is to stop the submission of input that contains such scripts, that is, HTML tags, so that we can prevent script attacks.
Here is one solution using RegularExpressionValidator.
Suppose we have a textbox that takes some input text from the user, and we do not want them to type any HTML tags. Here is the code for that:
<asp:TextBox runat="server" ID="txtName"></asp:TextBox>
<asp:RegularExpressionValidator runat="server" ID="regName"
    ControlToValidate="txtName"
    Display="Dynamic"
    ValidationGroup="Employeevalgrp"
    ValidationExpression="^[^<>]+$"
    ErrorMessage="Html tags are not allowed."/>
<asp:Button runat="server" ID="btnSaveEmployeeInfo"
    ValidationGroup="Employeevalgrp"
    CausesValidation="true"
    OnClick="btnSaveEmployeeInfo_Click" />
When the user presses the button, the validator validates the input text, and the text is submitted only if it passes the validation test.
Note that we are not validating the request; we are just validating the input that is going to be submitted to the server.
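An added example, not from the original post: a code-behind handler for the markup above that repeats the check on the server, because the click handler still runs when client script is bypassed and RegularExpressionValidator treats an empty textbox as valid. The class name EmployeeForm, the lblResult label and the TryGetPlainName helper are assumptions for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind; txtName and btnSaveEmployeeInfo come from the
// markup above, lblResult is an assumed <asp:Label> on the same page.
public partial class EmployeeForm : Page
{
    // Same pattern as the validator's ValidationExpression.
    private static readonly Regex NoAngleBrackets =
        new Regex("^[^<>]+$", RegexOptions.CultureInvariant);

    // Returns true only for non-empty input without '<' or '>'.
    private static bool TryGetPlainName(string raw, out string name)
    {
        name = (raw ?? string.Empty).Trim();
        // The validator skips empty input, so reject it explicitly here.
        return name.Length > 0 && NoAngleBrackets.IsMatch(name);
    }

    protected void btnSaveEmployeeInfo_Click(object sender, EventArgs e)
    {
        // Run the server-side half of the validators in this group and
        // stop if any failed; client-side validation alone can be skipped.
        Page.Validate("Employeevalgrp");
        if (!Page.IsValid)
        {
            return;
        }

        string name;
        if (!TryGetPlainName(txtName.Text, out name))
        {
            lblResult.Text = "Html tags are not allowed.";
            return;
        }

        // Encode on output as well: blocking '<' and '>' does not cover
        // every HTML context (for example, quoted attribute values).
        lblResult.Text = HttpUtility.HtmlEncode("Saved: " + name);
    }
}
```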
Thanks to Sandeep for such wonderful help.
This entry was posted on August 20, 2010 at 11:16 AM and is filed under ASP.NET, asp.net feature.