I have several text boxes in an ASP.NET Web Form. I want to ensure that users are not entering HTML into those text boxes. However, I'm not sure how to prevent HTML from being entered. Because of this, I decided that I want to only allow alphanumeric characters, spaces, exclamation point, sharp sign, dollar signs, percentage signs, carets, stars, and left and right parenthesis. I'm omitting the ampersand because I do not want them entering something like "<script&rt;..."
How do I do this? Am I doing it the right way?
Thank you!
Have a look here http://msdn.microsoft.com/en-us/library/ff649310.aspx
You can put a blanket statement in the web config ValidateRequest = true will check all user input and throw an error if a user inserts something with bad characters.
If you need to allow some html tags then you will need to roll your own.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With