Code Comments
Programming Forum and web based access to our favorite programming groups.
HtmlEncode for all controlsHello all, I am familiar with the HtmlEncode Server method. I also read this : http://msdn2.microsoft.com/en-us/library/a2a4yykt(VS.80). aspx My question is: If I want to encode all inputs from user, can I apply this encoding for all "Input" fields on my site in a single action. Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc. Many thanks.
Post Follow-up to this message
Re: HtmlEncode for all controlsjaja wrote: > Hello all, > I am familiar with the HtmlEncode Server method. > > I also read this : > http://msdn2.microsoft.com/en-us/library/a2a4yykt(VS.80).aspx > > My question is: If I want to encode all inputs from user, can I apply > this encoding for all "Input" fields on my site in a single action. > > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc. No. Actually you want to use HtmlEncode when writing data to Response, not when reading data from a user -- Microsoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup.
Post Follow-up to this message Re: HtmlEncode for all controls> No.
> Actually you want to use HtmlEncode when writing data to Response, not
> when reading data from a user
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
Thanks for the prompt reply.
I am new to web development.
It may be that I didn't clear myself well.
For example, I have the following html_encode1.asp file:
------------------------------------------------------
<%@ language="vbscript"%>
<html>
<body>
<form action="html_encode1.asp" method="post">
<input type="text" name="txtbox">
<textarea name="txtarea" width=50 height=30/></textarea>
<input type="submit" value="Submit" />
</form>
<%
dim fname
fname=Request.Form("txtarea")
fname = Server.HTMLEncode(fname)
If fname<>"" Then
Response.Write("Hello " & fname & "!<br />")
Response.Write("How are you today?")
End If
%>
</body>
</html>
------------------------------------------------------
Please disregard the content. It is not the issue.
As you can see I have here 2 input controls: A TextBox and a TextArea.
On both I need to operate the HtmlEncode for security purpuses.
Now suppose I have 100 controls per page and 100 pages (I am
exaggerating of course, but just for theory prupuses).
Should I now activate HtmlEncode for each on of the controls per each
one of the pages?
Thanks again.
Post Follow-up to this message Re: HtmlEncode for all controlsjaja wrote:
>
> Thanks for the prompt reply.
> I am new to web development.
> It may be that I didn't clear myself well.
>
No, I totally understood your question, and my answer still stands.
You're not "activating HtmlEncode": You are calling a method called
HTMLEncode that is contained in the Server object. That method replaces
certain characters in the string provided via the argument with the HTML
codes for those characters and returns the resulting string to the
calling procedure.
There is no shortcut here, except for eliminating one unnecessary line
of code. All you really need is:
fname=Request.Form("txtarea")
If fname<>"" Then
Response.Write("Hello " & _
Server.HTMLEncode(fname) & "!<br />")
Response.Write("How are you today?")
End If
Again, the only place you need to use the method is when you are
actually writing the value to response. There is no value, security or
otherwise, to using it anywhere else.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Post Follow-up to this message Re: HtmlEncode for all controlsjaja wrote: > Hello all, > I am familiar with the HtmlEncode Server method. > > I also read this : > http://msdn2.microsoft.com/en-us/library/a2a4yykt(VS.80).aspx > > My question is: If I want to encode all inputs from user, can I apply > this encoding for all "Input" fields on my site in a single action. > > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc. > > Many thanks. -- Microsoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup.
Post Follow-up to this message Re: HtmlEncode for all controlsjaja wrote: > Hello all, > I am familiar with the HtmlEncode Server method. > > I also read this : > http://msdn2.microsoft.com/en-us/library/a2a4yykt(VS.80).aspx > > My question is: If I want to encode all inputs from user, can I apply > this encoding for all "Input" fields on my site in a single action. > > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc. > > Actually, you could write your own function and include it via SSI in all your pages: ProcedureLibrary.asp <% Sub WriteToResponse(sData, bEncode) If bEncode Then Response.Write Server.HTMLEncode(sData) Else Response.Write sData End If End Sub %> Then in your html_encode1.asp page: <!--#include file=procedureLibrary.asp--> <% dim fname fname=Request.Form("txtarea") If fname<>"" Then WriteToResponse "Hello " & fname, true WriteToResponse "!<br />",false WriteToResponse "How are you today?", false End If %> -- Microsoft MVP -- ASP/ASP.NET Please reply to the newsgroup. The email account listed in my From header is my spam trap, so I don't check it very often. You will get a quicker response by posting to the newsgroup.
Post Follow-up to this message Re: HtmlEncode for all controlsOn 9 =D7=90=D7=A4=D7=A8=D7=99=D7=9C, 18:02, "Bob Barrows [MVP]" <reb01...@NO=
yahoo.SPAMcom>
wrote:
> jaja wrote:
>
>
ply
>
>
> Actually, you could write your own function and include it via SSI in
> all your pages:
>
> ProcedureLibrary.asp
> <%
> Sub WriteToResponse(sData, bEncode)
> If bEncode Then
> =C2=A0 =C2=A0 Response.Write Server.HTMLEncode(sData)
> Else
> =C2=A0 =C2=A0 Response.Write sData
> End If
> End Sub
> %>
>
> Then in your html_encode1.asp page:
>
> <!--#include file=3DprocedureLibrary.asp-->
> <%
> dim fname
> fname=3DRequest.Form("txtarea")
> If fname<>"" Then
> =C2=A0 =C2=A0 =C2=A0 WriteToResponse "Hello " & fname, true
> =C2=A0 =C2=A0 =C2=A0 WriteToResponse "!<br />",false
> =C2=A0 =C2=A0 =C2=A0 WriteToResponse "How are you today?", false
> End If
> %>
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
Thank you Bob for the nice tip.
I would have hoped there will we maybe a Server object property which
I will be able to set and it will do the work, but apparently there
isn't.
Thanks, again!
Post Follow-up to this message
Sponsored Links
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
