I encoded an HTML text property using JavaScript and passed it into my database as such. I mean the JavaScript for a string like "Wales&PALS"
encodeURIComponent(e.value);
converts it to "Wales%20PALS"
I want to convert it back to "Wales&PALS" from ASP.NET. Any idea how to embed
decodeURIComponent(datatablevalues)
in my ASP.NET function to return the desired text?
As prevention against SQL injection, we use parameterized queries or stored procedures. Encoding isn't really suitable for that. HTML encoding is nice if you expect your users to add content to your website and you want to prevent them from injecting malicious JavaScript, for instance. By encoding the string, the browser would just print out the contents. What you're doing is encoding the string and adding it to the database, but then trying to decode it back to its original state and displaying it to the clients. That way you're vulnerable to many kinds of JavaScript injection.
If that's what you intended, no problem; just be aware of the consequences. Know "why" and "how" every time you make a decision like this. It's kind of dangerous.
For instance, if you wanted to enable your users to add HTML tags as a means of enhancing the inserted content, a more secure alternative would be to create your own set of tags (or use an existing one like BBCode), so the input never contains any HTML markup, and when you insert it into the database, simply parse it first to switch to real HTML tags. The ASP.NET engine will never allow malicious input during a request (unless you voluntarily force it to do so), and because you already control parsing the input, you can be sure it's secure when you output it, so there's no need for any additional processing.
Just an idea for you :)
If you really insist on doing it your way (encode -> db -> decode -> output), there are some options for how to do that. I'll show you one example:
For instance, you could create a new get-only property that returns your decoded data (you will still maintain the original encoded data if you need it). Something like this:
    using System.Web; // HttpUtility lives in System.Web.dll

    // originalData holds the URL-encoded string as it was read from the database
    private string originalData;

    public string DecodedData
    {
        get
        {
            // Reverses the browser-side encodeURIComponent
            return HttpUtility.UrlDecode(originalData);
        }
    }
http://msdn.microsoft.com/en-us/library/system.web.httputility.aspx
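As an added example that is not part of the question or of the answer above: the encode -> store -> decode round trip the answer describes, written in browser-side JavaScript, next to a separate HTML output-encoding step (comparable to HttpUtility.HtmlEncode on the ASP.NET side). The function names and sample strings are assumptions of this example, not anything from the page. It shows that decodeURIComponent restores the stored text exactly, markup included, so URL-encoding on the way in offers no protection once the value is decoded for display; only encoding for the output context does.

```javascript
// Added example (not from the original question or answers).
// URL-encoding round trip vs. HTML output encoding.

// Step 1: what the page does before the value is sent to the server and stored.
function encodeForStorage(value) {
  return encodeURIComponent(value);
}

// Step 2: what the server does when it decodes the stored value
// (the JavaScript counterpart of HttpUtility.UrlDecode).
function decodeFromStorage(stored) {
  return decodeURIComponent(stored);
}

// Step 3: encoding for an HTML text context at output time. This is the step
// that actually neutralises markup; it is independent of steps 1 and 2.
function htmlEncode(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, function (ch) {
    return map[ch];
  });
}

// Runs one value through the whole pipeline and reports each stage.
function roundTrip(value) {
  const stored = encodeForStorage(value);
  const decoded = decodeFromStorage(stored);
  return {
    stored: stored,                 // what ends up in the database column
    decoded: decoded,               // what UrlDecode hands back
    unchanged: decoded === value,   // URL-decoding restores the input exactly
    safeHtml: htmlEncode(decoded),  // what should reach the browser in HTML
  };
}

// Constructed sample inputs: the asker's string plus a payload a user could submit.
const SAMPLES = ['Wales&PALS', '<script>alert(1)</script>'];

function demo() {
  return SAMPLES.map(roundTrip);
}
```

Note that `decoded` is identical to the input for both samples, so writing it straight into a page is the same as writing the raw user input; `safeHtml` is the value that is safe to emit in an HTML text node.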
If you're trying to encode HTML input, maybe you'd be better off with a different encoding mechanism. Not sure if JavaScript's encodeURIComponent can correctly parse out HTML.