Aug 03, 2010, 9:26 AM
[CLOSED] Script tag HTML rendering on first page load
Run the supplied example to see the error. To stop the error from occurring, remove the script tags from the text.
The issue is that the user could enter <script>alert('hello')</script> in a field such as a description where the text length may be as much as 2000 characters. All text entered by the user is encoded using Server.HTMLEncode before it is stored in the database and, where necessary, decoded before it is used to populate a control. I could use a RegEx to prevent the user entering <script> tags, but I would prefer it if the user could enter any text without limitation.
Could you supply a workaround for this issue, please?
Note: This error only occurs the first time the page is loaded; if the page is re-populated via a direct method, it is not an issue.
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack && !X.IsAjaxRequest)
        {
            // Simulates text that was HTML-encoded for storage and is decoded before it populates the control.
            string zpText = Server.HtmlDecode("&lt;script&gt;alert('Argh');&lt;/script&gt;");
            txtTest.Text = zpText;
            lblUserUserCreated.Text = "bob the builder";
            lblUserUserUpdated.Text = "bob's mate";
        }
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <ext:ResourceManager id="smrMain" runat="server"></ext:ResourceManager>
        <ext:viewport runat="server" id="vwDefault">
            <Items>
                <ext:borderlayout ID="Borderlayout1" runat="server">
                    <center>
                        <ext:formpanel runat="server">
                            <items>
                                <ext:rowlayout ID="Rowlayout1" runat="server">
                                    <Rows>
                                        <ext:LayoutRow RowHeight="1">
                                            <ext:formPanel labelwidth="150" runat="server" forcelayout="true" id="frmUser" padding="5" border="false">
                                                <items>
                                                    <ext:textfield width="150" id="txtTest" maxlength="50" allowblank="true" fieldlabel="Test" runat="server"></ext:textfield>
                                                </items>
                                            </ext:formPanel>
                                        </ext:LayoutRow>
                                        <ext:layoutrow>
                                            <ext:formPanel labelwidth="80" ID="FormPanel1" forcelayout="true" runat="server" padding="5" border="false">
                                                <Items>
                                                    <ext:displayfield id="lblUserUserCreated" FieldLabel="User Created" runat="server"></ext:displayfield>
                                                    <ext:displayfield id="lblUserUserUpdated" FieldLabel="User Updated" runat="server"></ext:displayfield>
                                                </Items>
                                            </ext:formPanel>
                                        </ext:layoutrow>
                                    </Rows>
                                </ext:rowlayout>
                            </items>
                        </ext:formpanel>
                    </center>
                </ext:borderlayout>
            </Items>
        </ext:viewport>
    </form>
</body>
</html>
Last edited by Daniil; Aug 05, 2010 at 1:00 PM.
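The symptom reported above (broken on first load, fine when the value arrives through a direct method) matches what happens when a value containing `</script>` is written into an inline script block. The following is an added example, not code from the post or from Ext.NET: it assumes the initial field value is emitted as a JavaScript literal inside an inline `<script>` element, and `scriptElementBody`, `toInlineScriptLiteral`, `renderPage` and `isValidJs` are hypothetical names.

```javascript
// Added example with constructed page markup; helper names are hypothetical.

// Approximates where an HTML parser ends an inline <script> element: at the
// first "</script" followed by whitespace, "/" or ">", regardless of whether
// that text sits inside a JavaScript string. (Simplified: ignores the
// "<!--" escaped states of the HTML tokenizer.)
function scriptElementBody(html) {
  const open = html.indexOf("<script>");
  if (open === -1) return null;
  const start = open + "<script>".length;
  const m = /<\/script[\s/>]/i.exec(html.slice(start));
  return m ? html.slice(start, start + m.index) : html.slice(start);
}

// Serializes a value as a JS literal that cannot close the surrounding
// <script> element: markup-significant characters become \uXXXX escapes,
// which the JS engine turns back into the original characters.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Constructed stand-in for a page that initialises a field from inline script.
function renderPage(literal) {
  return "<script>var cfg = {value: " + literal + "};</script>";
}

// Parses (does not run) the source to see whether it is syntactically valid.
function isValidJs(src) {
  try { new Function(src); return true; } catch (e) { return false; }
}

const userText = "<script>alert('Argh');</script>"; // value from the post

// Plain JSON quoting: the parser cuts the script at the embedded "</script>",
// leaving an unterminated string and spilling the rest into the page.
const naive = scriptElementBody(renderPage(JSON.stringify(userText)));

// Escaped literal: the script element stays intact and the value round-trips.
const safe = scriptElementBody(renderPage(toInlineScriptLiteral(userText)));

console.log({ naiveValid: isValidJs(naive), safeValid: isValidJs(safe) });
```

The same text delivered in an AJAX JSON response is never seen by the HTML parser, which is why only the inline path needs this escaping.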