I was getting the error "A potential dangerous request" .. in a Web Forms application. I have tried with "validatepage=false" and "", then I tried Server.HtmlEncode, so it is saving encoded HTML in the database. Now when I show the data in a Repeater control with Server.HtmlDecode(DataContent.FieldValue("Contents", Container))
It is showing text with HTML tags like <p>asfd</p>
..
How can I resolve this issue? In a Razor view Html.Raw works fine, but what is the alternative in a Web Forms view / ASP.NET? Can anybody help?
Html.Raw can result in an XSS vulnerability being exploitable since an attacker can craft a special URL containing a malicious JavaScript payload that will be executed by the victim's browser if he or she sends an invalid 2FA confirmation code.
Does this mean ASP.NET Web Forms is dead and should no longer be used? Of course not! As long as the .NET Framework ships as part of Windows, ASP.NET Web Forms will be a supported framework.
Using Html.Raw allows you to output text containing HTML elements to the client and have them still be rendered as such. It should be used with caution, as it exposes you to cross-site scripting vulnerabilities.
Raw method does not work and I have to use HttpUtility.HtmlDecode(EncodedContent) before I use Html.
You can use <%= value %>, which will not encode the value.
Or you can implement your own version of Html.Raw.
Html.Raw returns an IHtmlString instance, which is almost the same as a string, but ASP.NET doesn't encode IHtmlString.
Simple function to replicate HTML.Raw()
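// Requires "using System.Web;" (IHtmlString and HtmlString, .NET 4.0 and later).
/// <summary>
/// Stops ASP.NET from encoding the source HTML string.
/// </summary>
/// <param name="source">HTML markup to emit without encoding.</param>
/// <returns>An IHtmlString that ASP.NET writes to the page as-is.</returns>
public static IHtmlString HTMLRaw(string source)
{
    return new HtmlString(source);
}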
You can use asp:Literal with Mode=PassThrough
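For stored user content like the question's, an alternative to emitting it fully raw is to encode everything and then re-enable only a short allow-list of attribute-free tags. This is an added example, not code from the question or the answers above; the class name SafeHtml, the method ToSafeHtml and the tag list are assumptions, and DataContent.FieldValue is taken from the question and assumed to return a string.

```csharp
using System.Text.RegularExpressions;
using System.Web;

// Hypothetical helper (not from the page): returns an IHtmlString like the
// HTMLRaw function above, but only a fixed set of bare tags is left live.
public static class SafeHtml
{
    // Matches an *encoded* tag with no attributes: &lt;p&gt;, &lt;/li&gt;, &lt;br /&gt;
    // The tag list is an assumption; adjust it to what the editor may produce.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(p|b|i|em|strong|ul|ol|li|br)\s*(/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static IHtmlString ToSafeHtml(string html)
    {
        if (string.IsNullOrEmpty(html))
        {
            return new HtmlString(string.Empty);
        }

        // Step 1: encode everything, so no markup from the database is live.
        string encoded = HttpUtility.HtmlEncode(html);

        // Step 2: turn only the allow-listed bare tags back into markup.
        // Tags carrying attributes (onclick=, href=, style=) never match,
        // and <script>, <img>, <iframe> and the rest stay encoded text.
        string result = AllowedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value
                + m.Groups[2].Value.ToLowerInvariant()
                + m.Groups[3].Value + ">");

        return new HtmlString(result);
    }
}

// Usage in the Repeater's ItemTemplate (the value was HTML-encoded when it
// was saved, so it is decoded once before being passed in):
//
//   <%# SafeHtml.ToSafeHtml(
//           Server.HtmlDecode(DataContent.FieldValue("Contents", Container))) %>
//
// Constructed sample input:  <p>asfd</p><script>alert(1)</script>
// Resulting page output:     <p>asfd</p>&lt;script&gt;alert(1)&lt;/script&gt;
```

Text that a user typed as literal entities (for example `&lt;script&gt;`) is encoded again in step 1 and therefore does not match the pattern in step 2.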