List of illegal characters
I am in the process of building a tool that has a function similar to a bulletin board.
Using ASP, I am calling a function to replace illegal characters in the text submitted by Internet users. So far I am removing ', <, and >. What else should I be looking for?
By the way - I am removing the ' for simplicity reasons and replacing the other characters with their ANSI equivalents. Any better suggestions?
Thank you in advance.
Busy posted this at 21:42 — 15th January 2005.
He has: 6,151 posts
Joined: May 2001
Depends if it's going into a database etc. Things like " ( ) % should be converted as well; the ( )'s can be used for RSS attacks or something. But you could convert the entire symbol range to be extra safe. Or if ASP uses an HTML tag replace thing, like PHP's htmlspecialchars() or htmlentities().
artsapimp posted this at 01:07 — 16th January 2005.
They have: 330 posts
Joined: Apr 2000
Yes, it is going into a database. For development it is being submitted to MS Access. Will be converted to MS SQL once uploaded to production.
I haven't heard of that. What does htmlspecialchars() do? Simply convert all special characters to ANSI?
If I chose to convert the entire symbol range is there an easy way to do that? My initial thought process would be to create a list of all characters, place them into an array, and loop through that. Is there an easier way?
Renegade posted this at 03:48 — 16th January 2005.
He has: 3,022 posts
Joined: Oct 2002
RTM - htmlspecialchars()
CptAwesome posted this at 10:13 — 16th January 2005.
He has: 370 posts
Joined: Dec 2004
In truth, you might as well convert everything aside from letters, so you don't forget what you did/didn't convert, and then if anything f***s up, just make it not convert anymore.
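Added example, not part of the original thread: a Python sketch of the two encodings discussed above (an htmlspecialchars()-style encoder and the "convert the entire symbol range" variant), together with a parameterized insert so the apostrophe does not have to be removed before the text reaches the database. Python stands in for the ASP code, an in-memory SQLite database stands in for Access / MS SQL, and the table and function names are hypothetical.

```python
import html
import sqlite3


def html_special_chars(text):
    """Encode only the characters that are significant in HTML: & < > " '."""
    return html.escape(text, quote=True)


def encode_all_symbols(text):
    """Encode everything except ASCII letters, digits and spaces as a numeric
    entity, so there is no list of 'illegal' characters to maintain."""
    return "".join(
        ch if (ch.isascii() and ch.isalnum()) or ch == " " else f"&#{ord(ch)};"
        for ch in text
    )


def store_post(conn, author, body):
    """Store the text exactly as submitted. The ? placeholders pass the values
    separately from the SQL statement, so quotes never become part of it."""
    conn.execute("INSERT INTO posts (author, body) VALUES (?, ?)", (author, body))


def render_posts(conn):
    """Encode at output time, when the stored text is placed into the page."""
    rows = conn.execute("SELECT author, body FROM posts ORDER BY id")
    return [
        f"<p><b>{html_special_chars(author)}</b>: {html_special_chars(body)}</p>"
        for author, body in rows
    ]


def demo():
    """Build a throwaway database holding one constructed sample submission."""
    conn = sqlite3.connect(":memory:")  # assumption: stands in for Access / MS SQL
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    # Constructed sample input containing every character named in the thread.
    store_post(conn, "O'Brien", "It's <b>bold</b> & 50% \"off\" (today)")
    return conn


if __name__ == "__main__":
    connection = demo()
    print(render_posts(connection)[0])
    print(encode_all_symbols("a<b>(c)%"))
```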