I have a simple web user input form using c#. Users copy what they thin is a screen shot of error conditions to submit as input to the form. The copy action actually captures the HTML of the error page. When this is pasted into my test box I get an error (A potentially dangerous Request.Form value was detected from the client (tbxComment). What is the best method to prevent this?
+1
A:
In Internet Explorer, Safari, And FireFox 3 , you can handle the onbeforepaste event for the input control.
You will have to examine the clipboard object and decide whether to allow the paste or not.
Its not a official(!) w3 standard event, but FF and Safari have included support for it.
Adrian
2009-05-14 12:49:02
A:
I use http://tinymce.moxiecode.com/ then hide all toolbars, and configure the tinymce to just use a few html tags.
Or you can strip the html tags with a regular expresion in the keyUp Event because the onChange event is not fired in TextAreas.
Chocolim
2009-05-14 13:27:29