Code Simplified – Viral Sarvaiya

Code Simplified – Viral Sarvaiya, Web Developer Friends, dot net Developer, Sql Server Developer

Request Validation – Preventing Script Attacks – Not Allowd html tags in textbox

Posted by Viral Sarvaiya on August 20, 2010

By default, the application is prevented from processing unencoded HTML content submitted to the server (it means page validaterequest=true & it help us to prevent script attacks ).

This request validation feature can be disabled when the application has been designed to safely process HTML data. When ever you work with DotNetNuke this feature is disabled by default.

Now question comes in mind that in such cases how to “Preventing Script Attacks”.

One solution can “stop submitting input that contains such scripts or we can say html tags”.
so that we can prevent script attack.

Here is one solution using RegularExpressionValidator.

Suppose we are having textbox that takes some input text from the user & we do not want them to type any html tags than here is the code for that :

<asp:TextBox runat="server" ID="txtName"></asp:TextBox>

<asp:RegularExpressionValidator runat="server" ID="regName" ControlToValidate="txtName" Display="Dynamic" ValidationGroup="Employeevalgrp" ValidationExpression="^[^<>]+$" ErrorMessage="Html tags are not allowed."/>

<asp:Button runat="server" ID="btnSaveEmployeeInfo" ValidationGroup="Employeevalgrp"
 CausesValidation="true" OnClick="btnSaveEmployeeInfo_Click" />

Here when user press button, validator will validate the input text & submit the text only if it passes thru the validation test.

Here I must say that we are not validating request, we are just validating input that is going to be submitted to the server.

Thanks Sandeep to give a such a wonderful help……


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: