I have an ASP.NET Web Forms application. There is a page with TextBoxes and users enter search terms into these which are used to query the database.
I know that I need to prevent JavaScript injection attacks. How do I do this?
In MVC I would use Html.Encode. It doesn't seem to be recognized in Web Forms.
Thanks!
HtmlEncode(Object): Converts an object's string representation into an HTML-encoded string, and returns the encoded string. public: static System::String ^ HtmlEncode(System::Object ^ value);
HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML.
Any time you are trying to output data that could include untrusted HTML, you should use HTMLENCODE. Encodes text and merge field values for use in HTML by replacing characters that are reserved in HTML, such as the greater-than sign (>), with HTML entity equivalents, such as &gt;.
You can use HttpUtility.HtmlEncode
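An added example, not part of the original question or answer, showing the call the answer names applied to a search term that is echoed back into a page. It is written as a console program so it runs without a web server; the class name, method names, control names in the comments and the sample search term are all constructed for illustration.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.dll in a Web Forms project)

public static class SearchEcho
{
    // "Before": the markup produced when raw TextBox input is assigned to
    // Label.Text, which is not HTML-encoded automatically.
    public static string RenderUnsafe(string term)
    {
        return "<p>Results for: " + term + "</p>";
    }

    // "After": encode at output time when the value lands in element content.
    // In a code-behind this would be, with hypothetical control names:
    //   ResultLabel.Text = HttpUtility.HtmlEncode(SearchBox.Text);
    public static string RenderEncoded(string term)
    {
        return "<p>Results for: " + HttpUtility.HtmlEncode(term) + "</p>";
    }

    // When the value is written into an attribute, use the attribute encoder
    // and keep the value inside quotes.
    public static string RenderInputValue(string term)
    {
        return "<input type=\"text\" name=\"q\" value=\""
             + HttpUtility.HtmlAttributeEncode(term) + "\" />";
    }

    public static void Main()
    {
        // Constructed search term containing markup and a quote character.
        string term = "<script>alert('x')</script>\" onfocus=\"y";

        Console.WriteLine("Unsafe:    " + RenderUnsafe(term));
        Console.WriteLine("Encoded:   " + RenderEncoded(term));
        Console.WriteLine("Attribute: " + RenderInputValue(term));

        // The encoded fragment must carry no raw angle brackets from the input.
        string encodedTerm = HttpUtility.HtmlEncode(term);
        bool safe = encodedTerm.IndexOf('<') < 0 && encodedTerm.IndexOf('>') < 0;
        Console.WriteLine("Raw angle brackets removed: " + safe);
    }
}
```

Encoding belongs at the point of output, so the search term is still stored and queried in its original form.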