views: 104
answers: 2

I have searched high and low and can only find some very bad documentation on how to properly save the data from a rich text editor to a SQL Server database. I am not working with personal profiles, I just want to understand how it is properly done, including how to properly escape said data.

A: 

One simple way would be to HtmlEncode the content of the TinyMCE control when saving and Decode it when retrieving.

macou
+1  A: 

Use parameterized queries and you don't need to escape or encode the data going into or coming out of the DB.

What you should be more concerned about is the composition of the HTML that you're receiving when it's rendered back out from the database. It's not really enough to trust the person submitting the HTML to not be malicious.

Does the HTML contain script? Does the HTML contain XSS attacks? Does any formatting or CSS embedded in the HTML break your page? Does unclosed markup in the HTML break your page?

CptSkippy
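Added example (not from either answer above, and not the TinyMCE or SQL Server code of the original poster): a small Python script that exercises both approaches in one place. It stores a constructed editor payload with a parameterized query, shows why string-concatenated SQL breaks on the apostrophe, round-trips the HtmlEncode/decode-on-load idea from the first answer, and then applies an allowlist sanitizer before rendering, which is the concern the second answer raises (script, event handlers, `javascript:` links, unclosed markup). The schema, the `posts` table, the allowlists and the sample HTML are all assumptions made for the example; SQLite stands in for SQL Server because the parameter-binding point is the same.

```python
import html
import sqlite3
from html.parser import HTMLParser

# Constructed sample of what a rich-text editor might POST: an apostrophe
# (breaks naive concatenated SQL), an inline script, an event-handler
# attribute, a javascript: link and an unclosed tag.
SAMPLE_HTML = (
    "<p>Bob's <b>bold</b> text</p>"
    "<script>alert(1)</script>"
    '<a href="javascript:alert(2)" onclick="evil()">link</a>'
    "<div>unclosed"
)

# Hypothetical allowlists; a real site tunes these to the editor's toolbar.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


def save_rich_text(conn, content):
    """Store the raw HTML with a bound parameter: no escaping or encoding."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (content,))
    conn.commit()
    return cur.lastrowid


def naive_save_fails(conn, content):
    """Concatenated SQL: the apostrophe in the content breaks the statement."""
    try:
        conn.execute("INSERT INTO posts (body) VALUES ('" + content + "')")
    except sqlite3.Error:
        return True
    return False


def load_rich_text(conn, post_id):
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0] if row else None


def encode_on_save(content):
    """First answer's approach: HtmlEncode before storing, decode on load."""
    return html.escape(content, quote=True)


def decode_on_load(stored):
    return html.unescape(stored)


class AllowlistSanitizer(HTMLParser):
    """Rebuild the HTML keeping only allowlisted tags and attributes.

    Script/style bodies are dropped, unsafe hrefs removed, text re-escaped,
    and tags are closed in order so unclosed markup cannot break the page.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick, style, etc.
            if name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript: and data: links
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return
        while self.open_tags:  # close anything left open inside this tag
            t = self.open_tags.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def result(self):
        self.close()
        while self.open_tags:  # balance whatever the author left unclosed
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_for_render(raw_html):
    parser = AllowlistSanitizer()
    parser.feed(raw_html)
    return parser.result()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    post_id = save_rich_text(conn, SAMPLE_HTML)
    stored = load_rich_text(conn, post_id)
    return stored, sanitize_for_render(stored), naive_save_fails(conn, SAMPLE_HTML)


if __name__ == "__main__":
    stored, rendered, naive_broke = demo()
    print("stored:  ", stored)
    print("rendered:", rendered)
    print("naive SQL failed:", naive_broke)
```

Note that the encode/decode round trip returns exactly the submitted markup, script included, so whatever is done at storage time, the sanitizing step still has to run on the way out to the page (or on the way in, before the parameterized insert). The sanitizer here is an allowlist rebuild rather than a blocklist of bad tags; for production use, a maintained library with the same approach is preferable to hand-rolled parsing.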