Set ValidateRequest="false"
Unless you actually need users to be able to enter HTML you must convert the string to its html encoding equivalent - basically this means that certain characters (like "<") are converted to codes (so "<" is converted to "<"). To perform this conversion use HttpUtility.HtmlEncode, for example:
MyLabel.Text := HttpUtility.HtmlEncode(MyTextBox.Text);
public static string ConvertStringToHTML(string OldString)
{
string NewString="";
NewString=OldString.Replace("&","&");//this should be first, next & will come for < and >.
NewString=NewString.Replace("<","<").Replace(">",">");
return NewString;
}
public static string ConvertHTMLToString(string OldString)
{
string NewString="";
NewString=OldString.Replace("&","&");
NewString=NewString.Replace("<","<").Replace(">",">");
return NewString;
}
Monday, February 22, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment