tags:

views:

788

answers:

2
Q: 

ASP.NET Textbox - Avoid Copy Paste of few characters

hi, We need to stop copy paste of few characters like '<' or '>' or any characters which can be potentially dangerous.

I know we can set a property RequestValidation to false, but for some reason we would not want to do that.

What we want to do is when the user tries to paste a text in the textbox, we want to validate the text and do a pattern match against the defined list of characters to be filters.

We tried various textbox events like OnPaste (Works in IE as well as Mozilla, but in Mozilla we are not able to get the content from the clipboard), OnBlur (Works fine but does not works when clicked on checkbox with runat as Server) and few others with no real progress.

Would appreciate if anyone of you guys can help me and help me sooner as we are in deadlines!

Thanks a lot, Atul

+3  A: 

First of all, you really shouldn't be accessing the user's clipboard, even if some versions of IE allow it. For reasons of integrity, that's simply nothing a browser should be dealing with. Either way, you could check the textbox value after paste, rather than inspecting the clipboard content during paste.

However, better still would probably be to perform this validation on submit. Try the built in regular expression validators. Because really, you worry about users submitting dangerous characters, right, not about the fact that they actually pasted them?

EDIT (example)

<asp:TextBox ID="txtName" runat="server"/>
<asp:RegularExpressionValidator ID="regexpName" runat="server"     
    ErrorMessage="This expression does not validate." 
    ControlToValidate="txtName" Display="Dynamic"
    ValidationExpression="^[^<>]$" />
David Hedlund  2009-07-09 13:59:57
Thanks d.We tried this and this works fine in most of the case. There is only on problem here. Just wanted opinion on whether we can handle this more gracefully than what I am thinking.When users pastes dangerous characters, and clicks on other controls which cause post back e.g. Checkbox, the submit request identifies the characters and halts the post back. But the Check Box values gets changed. Same happens with Drop down. Am thinking of storing these values and reset them incase submit is halted. Is there any cleaner way?Thanks,Atul
Atul  2009-07-09 14:18:10
+1 also, if that field is required be sure to use the RequiredFieldValidator on it as well since the RegularExpressionValidator alone does not make the field mandatory, it only checks it if there's content (whitespace or a blank entry is allowed and not validated).
Ahmad Mageed  2009-07-09 14:18:19
@Atul: if I understood you correctly I think you can add EnableClientScript="false" in the validator tag. This will prevent client side validation, so there won't be immediate feedback but it will validate on submit. See if that helps.
Ahmad Mageed  2009-07-09 14:21:35
@Ahmad: That would require actually submitting the dangerous characters, though, which will throw an exception if EventValidation isn't disabled
David Hedlund  2009-07-09 14:32:20
A: 

Are you trying to modify what is in the users clipboard before the paste? Why not attach a onchange event that does any validation that you require? You could replace out any characters that you don't want in there.

Alex  2009-07-09 14:03:16

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps