Can you do HtmlDecode & HtmlEncode in Silverlight?
So since System.Web & HttpContext isn't available in Silverlight is there a way to do HtmlDecode & HtmlEncode inside a Silverlight app without some horrendous Regex? ...
htmlencode
How to stop automatic HTML Encoding when assigning to HTML Input Fields VB.NET
I have to submit a HTML form to a 3rd party website and one of the hidden fields is an XML string. The XML needs escaping before it is sent to the 3rd party. However when I add the plain XML to the form field it semi-escapes it for me. So then when I use HTMLEncode myself part of the XML is double-escaped. How do I prevent the automatic...
using linq to sql and HtmlEncode
I am using linq-to-sql to load and save data to database. Since most of the data to save or load is user input and to avoid all possible risks of saving raw data, i decided to HtmlEncode the input.Here is the summary of what I do Encode the input before saving it to the database. Decode the input to be able to manipulate the raw data. ...
C# = HtmlEncode from Class Library
Hello, I have a class library (in C#). I need to encode my data using the HtmlEncode method. This is easy to do from a web application. My question is, how do I use this method from a class library that is being called from a console application? Thank you! ...
Ruby CGI.unescapeHTML generating strange charactors
I have backed up a bunch of markdown formatted comments into an XML document. This of course meant I needed to HTMLescape them. When I try to use CGI.unescapeHTML it adds a bunch of strange characters into the markup that do not render well in all browsers. Specifically, it replaces two spaces with "\302\240 ", but not consistently. ...
What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode?
I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. Sounded interesting, reading the msdn blog, it appears to just provide an HtmlEncode() method. But I already use HttpUtility.HtmlEncode(). Why would I want to use AntiXss.HtmlEncode over HttpUtility.HtmlEncode? Indeed, I am not the...
Users entering ampersand & character messing up my sites w3c validation
Hi guys, my social networking site is w3c xhtml valid however users are able to post blog reports and stuff and at times enter in ampersand characters which in turn mess up my validation. How can I fix this and are there any other single characters that I need to look out for that could mess up my validation? ...
Proper handling of user input
So I'm setting up my form validation, inputs, error messages etc... and then realized a lot of the info that I'm collecting will need to be output again at some point. So I wrapped my inputs in: Server.HtmlEncode(txtbox.text); What else should I be doing to ensure that i avoid XSS types of attacks? Should I be be doing something whe...
How to search for text in sql server when storing different languages
Hi, I have a website that has product names containing French and English words. When I store a product name I store it as html encoded in the ProductName field in my SQL Server. For example the word Château is stored as Ch& #226;teau in my database. If someone wants to search for a product name I htmlencode the search term. This will ...
NHibernate: Should I encode inputs?
I use NHibernate to persist my objects.. However, I cannot seem to find any information about whether I need to encode inputs? For example: string firstName = TextboxFirstName.Text; string lastName = TextboxLastName.Text; using(ISession session = sessionFactory.OpenSession()) { Customer customer = new Customer(firstName, lastName)...
Jsp, Jquery and Json encoded characters issue
Working with JSON is quite new to me, yet I already like it. But i'm facing an annoying issue. Here's how things work: jquery makes an Ajax request for a specific url, this url is a STRUTS action, and, on success, returns a specific jsp this jsp includes JSON taglib (http://www.atg.com/taglibs/json) in order to render proper JSON formatt...
How to HTMLEncode arbitrary datasets returned from ScriptService
I've exposed an ASP.NET ScriptService that returns the results of a user defined query. In this case, I'm returning the resulting dataset as a JSON serialized IEnumerable<IDictionary>. Each IDictionary represents a dataset row and contains an arbitrary number of key/value pairs. Although most returned values are primitive types, occasi...
encode html in Asp.net C# but leave tags intact
I need to encode a whole text while leaving the < and > intact. example <p>Give me 100.000 €!</p> must become: <p>Give me 100.000 €!</p> the html tags must remain intact ...
Should Html.Encode be called when building ActionLinks in ASP.NET MVC
If the name of a link is pulled from the database, should you be calling the Html.Encode method to clean the name? For example: Html.ActionLink(Model.PersonFromDB.FirstName, "Action", "Controller", new RouteValueDictionary { { "id", Model.PersonFromDB.Id } }, null) or: ...
ASP.NET MVC: How to allow some HTML mark-up in Html Encoded content?
Is there some magic existing code in MVC 2 to Html.Encode() strings and allow certain html markup, like paragraph marks and breaks? (coming from a Linq to SQL database field) A horrible code example to achieve the effect: Html.Encode(Model.fieldName).Replace("<br />", "<br />") What would be really nice is to overload something...
Should HTML be encoded before being persisted?
Should HTML be encoded before being stored in say, a database? Or is it normal practice to encode on its way out to the browser? Should all my text based field lengths be quadrupled in the database to allow for extra storage? Looking for best practice rather than a solid yes or no :-) ...
[ASP.NET] How can I HTML-encode a string and use human-readable encoded tags (ex: ê instead of ê )
Greetings, I'm looking for a way to encode a string into HTML that uses human-readable tags such as ê (=ê). At the moment, I am using the HttpUtility.HtmlEncode() function, but it appears to return numbered tags instead of human-readable ones. For example: Dim str as string = HttpUtility;HtmlEncode("vente - en-tête") 'Expected: ve...
HTMLencode HTMLdecode
I have a text area and I want to store the text entered by user in database with html formatting like paragraph break, numbered list. I am using HTMLencode and HTMLdecode for this. Sample of my code is like this: string str1 = Server.HtmlEncode(TextBox1.Text); Response.Write(Server.HtmlDecode(str1)); If user entered text with 2 parag...
How do I write an HTML entity in button text in ASP.NET?
I need to write out a submit button in ASP.NET so that the button text value is HTML-encoded using the proper HTML entities for the various French characters with accents. The button is simply declared as <asp:Button id="button1" runat="server" /> If I do something like button1.text = "Test é" then it displays the button text cor...
What is the CodePage for DBCS so I can encode an xml string and show it in a asp.net text box?
What is the CodePage for DBCS so I can encode an xml string and show it in a asp.net text box? I don't think I should have to convert the characters myself when Server.HTMLEncode will work if the string is DBCS. To clarify: the binary represenation of the xml string(Base64) is stored in the database in a column of nvarchar(max) datatyp...