HTML Input

He has: 183 posts

Joined: Nov 2003

Hi. Students at our college have found a way of just pasting HTML code in a field (Comment Box) and submitting this code, which can change the layout of the site.

Is there a way of stopping this happening? I'm using ASP, Access, on college Intranet.

thanks


He has: 2,145 posts

Joined: Nov 2003

I'm sure that ASP has to have a command to convert HTML code like PHP's htmlspecialchars function.

Basically you could build your own function that does a search/replace in the string and does the following replacements (from http://www.php.net/manual/en/function.htmlspecialchars.php):

  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;'
  • ''' (single quote) becomes '&#039;'
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'

-Greg
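The search/replace described in the post above, as an added example that is not part of the thread: it encodes a comment when it is written into the page, so stored markup is displayed as text instead of changing the layout. It is written in JavaScript for Node.js; `renderComment`, the author name and the sample comment are constructed for illustration. Classic ASP also provides a built-in `Server.HTMLEncode` method for this purpose.

```javascript
// Added example (not from the thread). Runs under Node.js.

// Replacement table from the post above (PHP htmlspecialchars, quotes included).
const ENTITIES = {
  '&': '&amp;',
  '"': '&quot;',
  "'": '&#039;',
  '<': '&lt;',
  '>': '&gt;'
};

// Encode in a single pass, so the '&' introduced by one replacement is never
// re-encoded by a later one.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&"'<>]/g, (ch) => ENTITIES[ch]);
}

// Chained search/replace, as the post describes it. This is correct only
// because '&' is handled first; moving it last would double-encode
// '&lt;' into '&amp;lt;'.
function escapeHtmlChained(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Render one stored comment into the page (hypothetical markup).
// Every user-supplied field is encoded at output time.
function renderComment(author, body) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' +
         escapeHtml(body) + '</div>';
}

// Constructed sample: a pasted comment that tries to close the layout table.
const sample = '</td></table><h1 style="color:red">Tom & "Jerry"</h1>';
console.log(renderComment('student1', sample));
```

Encoding at output time, rather than only when the form is submitted, also covers comments that are already stored in the database.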

They have: 5,633 posts

Joined: Jan 1970

HTMLencode(); or something like that for javascript ASP.
